[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Extending Expiration Date of an Already-Expired GPG Key



Robert L Cochran wrote:
> My gpg key expired last month and I didn't notice it till today. I
> used gpg --edit-key to extend the expiration date by a year, then I
> sent it to one of the key servers, subkeys.pgp.net. Is this an
> acceptable practice? Google searches yielded a few comments
> suggesting that an expired key could be revoked and a new key
> generated. I'm unsure what accepted practice is.

Either is acceptable.  For example, Werner Koch recently extended the
expiration date of the key used to sign gpg releases:

http://lists.gnupg.org/pipermail/gnupg-announce/2009q1/000282.html

Anytime you have a key expiring, it is a good time to ask yourself
whether it's time to create a new key or extend the life of the old
one.  Good reasons to create a new key include using larger key size.
Good reasons to continue using your existing key include keeping the
signatures on the key so that any trust you've built up by others
signing your key remains.

There isn't a simple, one size fits all answer to this question. :)

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
No one gets too old to learn a new way of being stupid.

Attachment: pgpSxVGdJUnEz.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]