Yubikey PGP migration

The important question is how you generated your PGP key and subkeys.

As explained in the docs there are two ways:

  • Generating Keys externally from the YubiKey (Recommended)
  • Generating Your PGP Key directly on Your YubiKey

The first approach is recommended. You can use a live distro such as Tails to generate your keys on an airgapped (without networking) computer. Then you make backups of your keys to removable storage like a USB key or a hard drive, that you keep in a secure place.

The other option is to generate the keys directly on the device. This is very secure but the major drawback is that you cannot backup the keys. If you lose or destroy the device you lose your keys. With this approach, migration is not possible. This option should be avoided unless you know that your key is going to have a limited shelf life.

So if you chose option #1, it is quite easy. You don't need the old YubiKey. Start your live distro, reimport your private keys from the external storage, and you write them to the new YubiKey with the keytocard command.

To answer the question: in order to retain access to your mails you must keep the current key (and subkeys). But the hardware itself does not have to stay the same, it could be another YubiKey or a smart card as long as you have that external backup.

If you really must change your PGP key: in theory you could decrypt files and reencrypt them with a new key, But with E-mails this is complicated. They are probably stored in a mbox or pst file. Even if they are available as standalone files (on an IMAP server for instance), it's not the whole file that is encrypted but the mail body. The headers are still in clear. AFAIK PGP cannot just decrypt the encrypted part while keeping the rest of the file intact. There is no easy solution I'm afraid.

However, I did a test with Thunderbird. I chose an encrypted message, selected the whole message source (Ctrl-U) and copied it to a file. Then using gpg -d <the file> from the command line I was able to read the mail after entering the passphrase. But you don't have the headers and all that. What you get is a stripped-down version. It's not something that you could reinject to the mbox file for instance.