gnupg and subkeys

David Shaw dshaw at
Tue Jan 7 22:09:02 CET 2003

On Tue, Jan 07, 2003 at 09:54:54PM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Tue, 2003-01-07 at 21:20, David Shaw wrote:
> > On Tue, Jan 07, 2003 at 09:03:58PM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:
> > 
> > > I have updated my document about multiple subkeys
> > > ( to gpg 1.2.1. There still are a few quirks,
> > > mostly it's just that the user interface could be better:
> > > 
> > >  * subkey creation: should offer to expire the subkey at the same time
> > > as the primary, if the primary has an expiry date set. (To discuss:
> > > should gpg forbid (except with --expert) creating subkeys that live
> > > longer than the primary?).
> > 
> > By definition, no subkey can live longer than the primary.  Even if
> > you create a subkey with a longer expiration date, it'll expire when
> > the primary does.
> As the lifetime of the primary can be extended, there may well be
> reasons to set an expiration date on the subkey that is in the future
> from the exp date on the primary.

Sure, so long as the user doesn't think it extends anything.

> OTOH, the lifetime of the subkey may be extended, too.

True, but not practically useful.  After extending the subkey
lifetime, you'd have to re-distribute your key.... and since you are
re-distributing the key, you may as well make a new subkey.  Still,
GnuPG does allow you to do it if you want to.


   David Shaw  |  dshaw at  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

More information about the Gnupg-devel mailing list