How to rotate your PGP key safely.

About fifteen minutes for the active steps, plus a grace period of weeks to months during which contacts notice the change. The procedure preserves access to your past encrypted messages — you're not destroying the old key, just retiring it.

~15 minutes active · weeks of grace period · affects all your contacts
// at a glance
  1. Decide why you're rotating
  2. Generate a new keypair
  3. Sign the new key with the old
  4. Publish the new public key
  5. Issue a signed transition statement
  6. Revoke and publish revocation for the old key
  7. Archive the old secret key for decryption-only use
Prerequisites
  • An existing PGP key in PGPony you want to retire
  • Access to the email address(es) on the old key
  • Access to wherever you publish your fingerprint (website, social profiles, etc.)
  • Optional but useful: desktop GnuPG for signing one key with another and generating revocation certificates
// step 01

Decide why you're rotating.

The reason changes the urgency and the comms strategy:

  • Suspected compromise. Move fast. Revoke immediately. Treat anything encrypted to the old key after the suspected compromise date as potentially compromised.
  • Algorithm upgrade. Moving from RSA to Ed25519, or v4 to v6. No urgency. Normal grace period.
  • Expiration. Just extend the expiration if the key is otherwise fine. Only rotate to a new key if you actually want a new identity.
  • Periodic refresh. Some organizations and individuals rotate every 2–4 years as policy. Normal grace period.
// step 02

Generate a new keypair.

In PGPony, generate a fresh keypair with the same User ID(s) (name + email) as the old key. Ed25519 + Curve25519 is the modern recommendation. See Generate a PGP key on iPhone or on Android.

Use a different passphrase from the old key if there's any chance the old passphrase was exposed.

// step 03

Sign the new key with the old key.

Create a signature from your old key onto the new key. This is the cryptographic link asserting "I, holder of the old key, vouch that this new key is also me." PGPony doesn't expose key-signing (one key certifying another) in its UI, so this step uses desktop gpg:

  • Export both keys (old with secret, new public-only) to a desktop, import into gpg, then:
    gpg --default-key OLD_FINGERPRINT --sign-key NEW_FINGERPRINT
    gpg --armor --export NEW_FINGERPRINT > new-key-signed.asc
    Re-import the signed new key wherever you publish it.
// step 04

Publish the new public key.

Upload the new public key to keys.openpgp.org and verify the email. If you use WKD, update the file at /.well-known/openpgpkey/.../hu/HASH to contain the new public key (see the WKD guide for the directory structure).

The new key should be discoverable through the same channels the old one was.

// step 05

Issue a signed transition statement.

Write a short message announcing the rotation:

I am transitioning from PGP key:

  OLD: AAAA BBBB CCCC DDDD EEEE FFFF 1111 2222 3333 4444

to my new key:

  NEW: 5555 6666 7777 8888 9999 AAAA BBBB CCCC DDDD EEEE

Effective: 2026-05-28

Both keys are mine. Please update your records and start
encrypting to the new key. The old key remains valid for
decryption of past messages but will be revoked on 2026-08-28.

Sign this message with the OLD key (the signature attests "the old key's holder authored this") and distribute it through every channel where your old fingerprint was published — email signature, website, social profiles, mailing lists, key directories.

// step 06

Revoke the old key and publish the revocation.

Generate a revocation certificate for the old key. Two routes:

  • In PGPony: open the old key's detail view from the Keyring tab. Tap Generate Revocation Certificate. A "Revoke {your name}" sheet walks through reason selection (Compromised, Superseded, No longer used, etc.) and produces the signed revocation. PGPony surfaces a red "Revoked" banner on the key from that point on.
  • Via desktop gpg:
    gpg --output revoke-OLD_FINGERPRINT.asc --gen-revoke OLD_FINGERPRINT
    gpg --import revoke-OLD_FINGERPRINT.asc
    gpg --keyserver hkps://keys.openpgp.org --send-keys OLD_FINGERPRINT

Publishing the revocation tells keyservers and WKD-consuming clients to mark the old key as revoked. Encryption to a revoked key still works mechanically, but well-behaved tools warn the sender that the recipient has revoked the key.

Tip: ideally, generate the revocation certificate at key creation time and store it offline. Then it's available even if you lose access to the secret key later.
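An added example, not part of this guide or of PGPony, for checking that the old key really shows as revoked after the revocation is published: it parses `gpg --with-colons --list-keys` output (a constructed sample listing is embedded; the fingerprints are the placeholders from the transition statement above) and reports each key's validity code by fingerprint.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample of `gpg --with-colons --list-keys`: a revoked old key
# followed by a valid new key (field 2 of a pub record is the validity code).
SAMPLE_LISTING = """\
tru::1:1700000000:0:3:1:5
pub:r:255:22:3333444455556666:1600000000:::u:::scESC::::::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:r::::1600000000::0123456789ABCDEF0123456789ABCDEF01234567::Alice Example <alice@example.org>::::::::::0:
sub:r:255:18:7777888899990000:1600000000::::::e::::::23:
fpr:::::::::1111222233334444555566667777888899990000:
pub:u:255:22:DDDDEEEEFFFF0000:1748390400:::u:::scESC::::::23::0:
fpr:::::::::55556666777788889999AAAABBBBCCCCDDDDEEEE:
uid:u::::1748390400::FEDCBA9876543210FEDCBA9876543210FEDCBA98::Alice Example <alice@example.org>::::::::::0:
sub:u:255:18:0000111122223333:1748390400::::::e::::::23:
fpr:::::::::9999AAAABBBBCCCCDDDDEEEEFFFF000011112222:
"""

@dataclass
class KeyStatus:
    fingerprint: str
    validity: str                      # 'r' revoked, 'e' expired, 'u'/'f' usable, ...
    uids: List[str] = field(default_factory=list)

    @property
    def revoked(self) -> bool:
        return self.validity == "r"

    @property
    def expired(self) -> bool:
        return self.validity == "e"

def parse_listing(listing: str) -> List[KeyStatus]:
    """Group each pub record with its primary fpr (the first one after pub) and its uids."""
    keys: List[KeyStatus] = []
    validity, current = None, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            validity, current = f[1], None       # a new key starts; its fpr record follows
        elif f[0] == "fpr" and current is None and validity is not None:
            current = KeyStatus(f[9], validity)  # field 10 of an fpr record is the fingerprint
            keys.append(current)
        elif f[0] == "uid" and current is not None:
            current.uids.append(f[9])            # field 10 of a uid record is the user id
    return keys

def status_of(listing: str, fingerprint: str) -> Optional[KeyStatus]:
    """Look up a key, accepting the spaced fingerprint form used in transition statements."""
    wanted = "".join(fingerprint.split()).upper()
    return next((k for k in parse_listing(listing) if k.fingerprint == wanted), None)
```

Run `gpg --refresh-keys` before taking the listing so the published revocation has actually been fetched.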
// step 07

Archive the old secret key for decryption-only use.

Don't delete the old secret key. You'll need it to decrypt messages that were encrypted to that key during its active period. Archive it alongside your other long-term backups (encrypted, off-device).

From this point forward, use the new key for all new signing and request that contacts encrypt to the new key. Keep the old around for read-access to historical messages only.

Verify it worked.

  • New key is in PGPony, marked as primary.
  • New key is published on keys.openpgp.org (verifiable by searching your email).
  • If using WKD, the new key is served at your WKD URL.
  • Old key shows as revoked when looked up.
  • Transition statement is reachable wherever your old fingerprint was previously listed.
  • A test encrypt → decrypt round-trip succeeds with the new key.
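An added example, not part of this guide or of PGPony, for the keys.openpgp.org and WKD items in the checklist above: given a fingerprint and an address it derives the keys.openpgp.org by-fingerprint lookup URL and both WKD URLs (direct and advanced, from the SHA-1 of the ASCII-lowercased local part in z-base-32), so you can fetch each and compare what is served against the new key. The fingerprints are the placeholders from the transition statement; Joe.Doe@Example.ORG is the WKD specification's own sample address.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet used by WKD for the hashed local part.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"

def normalize_fingerprint(fpr: str) -> str:
    """Strip the spacing used in transition statements; accept v4 (40) or v6 (64) hex digits."""
    hexstr = "".join(fpr.split()).upper()
    if len(hexstr) not in (40, 64) or any(c not in "0123456789ABCDEF" for c in hexstr):
        raise ValueError(f"not an OpenPGP fingerprint: {fpr!r}")
    return hexstr

def keyserver_lookup_url(fpr: str) -> str:
    """keys.openpgp.org VKS by-fingerprint lookup (upper-case hex, no spaces)."""
    return f"https://keys.openpgp.org/vks/v1/by-fingerprint/{normalize_fingerprint(fpr)}"

def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32 (5 bits per character, zero-padded at the end)."""
    bits, nbits = int.from_bytes(data, "big"), len(data) * 8
    pad = (-nbits) % 5
    bits, nbits = bits << pad, nbits + pad
    return "".join(ZBASE32[(bits >> s) & 31] for s in range(nbits - 5, -1, -5))

def wkd_urls(email: str) -> dict:
    """Direct and advanced WKD URLs for an address.

    The local part is ASCII-lowercased, SHA-1 hashed and z-base-32 encoded;
    the domain is lowercased; the local part as typed goes into ?l=.
    """
    local, domain = email.rsplit("@", 1)
    domain = domain.lower()
    hashed = zbase32(hashlib.sha1(local.encode("utf-8").lower()).digest())
    tail = f"/hu/{hashed}?l={quote(local)}"
    return {
        "hash": hashed,
        "direct": f"https://{domain}/.well-known/openpgpkey{tail}",
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}{tail}",
    }
```

Clients try the advanced URL first and fall back to the direct one, so after updating WKD check whichever of the two your domain actually serves.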

Common questions.

How often should I rotate?

No universal answer. Reasons: compromise (immediately), algorithm upgrade, expiration, periodic refresh (2–4 years common). For most users with no compromise, a working key can run for many years.

Delete the old key after rotation?

No. Keep the secret key archived to decrypt messages encrypted during the old key's active period. Stop using it for new signing.

What's a transition statement?

A short signed text announcing the rotation with both fingerprints. Signed with the OLD key so existing trust attests to it. Distributed where the old fingerprint was published.

Why sign new with old?

Cryptographic link from your established identity to the new key. Anyone who trusts the old can inspect the signature and gain confidence the new is yours.

Need a revocation certificate?

Strongly recommended. Tells the world to stop encrypting new content to the old key. Without it, others may continue using the retired key indefinitely.

Rotating due to compromise?

Move faster. Revoke immediately, publish the new key, distribute the transition statement urgently, notify active contacts directly. Treat anything encrypted to the old key after compromise as potentially read.

Next steps.

Get PGPony

Free OpenPGP encryption for iOS and Android. No accounts, no tracking.