Extending Expiration Date of an Already-Expired GPG Key

Todd Zullinger tmz at pobox.com
Sat Feb 21 18:52:01 UTC 2009


Robert L Cochran wrote:
> My gpg key expired last month and I didn't notice it till today. I
> used gpg --edit-key to extend the expiration date by a year, then I
> sent it to one of the key servers, subkeys.pgp.net. Is this an
> acceptable practice? Google searches yielded a few comments
> suggesting that an expired key could be revoked and a new key
> generated. I'm unsure what accepted practice is.

Either is acceptable.  For example, Werner Koch recently extended the
expiration date of the key used to sign gpg releases:

http://lists.gnupg.org/pipermail/gnupg-announce/2009q1/000282.html

Anytime you have a key expiring, it is a good time to ask yourself
whether it's time to create a new key or extend the life of the old
one.  Good reasons to create a new key include using a larger key size.
Good reasons to continue using your existing key include keeping the
signatures on the key so that any trust you've built up by others
signing your key remains.

There isn't a simple, one size fits all answer to this question. :)

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
No one gets too old to learn a new way of being stupid.
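
The question above came up because the expiry went unnoticed for a month. The following is an added example, not part of the original post: a small shell check that reads the machine-readable output of `gpg --list-keys --with-colons` and reports keys and subkeys that have expired or will expire within a chosen window. The function names and the sample listing (key IDs, dates) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag expired or soon-to-expire keys from the output of
#   gpg --list-keys --with-colons
# In that format field 1 is the record type, field 5 the key ID and
# field 7 the expiration time in seconds since the epoch (empty = never).

# Constructed sample listing; key IDs and timestamps are made up.
sample_listing() {
cat <<'EOF'
tru::1:1235000000:0:3:1:5
pub:e:1024:17:AAAAAAAAAAAAAAA1:1200000000:1232500000::-:::sc:
uid:e::::1200000000::0000000000000000000000000000000000000000::Expired Example <expired@example.org>:
sub:e:2048:16:AAAAAAAAAAAAAAA2:1200000000:1232500000:::::e:
pub:-:2048:1:BBBBBBBBBBBBBBB1:1220000000:1236000000::-:::scESC:
pub:-:4096:1:CCCCCCCCCCCCCCC1:1220000000:::-:::scESC:
pub:-:4096:1:DDDDDDDDDDDDDDD1:1220000000:1300000000::-:::scESC:
EOF
}

# expiring_keys NOW_EPOCH WINDOW_DAYS   (colon listing on stdin)
# Prints one line per primary key or subkey that needs attention:
#   <pub|sub> <keyid> expired  <whole days since expiry>
#   <pub|sub> <keyid> expiring <whole days until expiry>
# Records with an empty or non-numeric expiration field are skipped.
expiring_keys() {
    awk -F: -v now="$1" -v days="$2" '
        ($1 == "pub" || $1 == "sub") && $7 ~ /^[0-9]+$/ {
            if ($7 <= now) {
                print $1, $5, "expired", int((now - $7) / 86400)
            } else {
                left = int(($7 - now) / 86400)
                if (left <= days) print $1, $5, "expiring", left
            }
        }'
}

# Run against the constructed sample with a fixed "now" so the result is
# reproducible. Against a real keyring:
#   gpg --list-keys --with-colons | expiring_keys "$(date +%s)" 30
sample_listing | expiring_keys 1235000000 30
```

Run from cron with a 30-day window, this gives enough warning to decide between extending the key and generating a new one before the expiry takes effect.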
