Extending the key expiration date
Wed Sep 5 20:21:02 2001
Subba Rao <firstname.lastname@example.org> writes:
> > > Is it possible to edit the expiration date of the current key?
> > Yes, it's even possible without invalidating certificates. This is a
> > known design flaw in OpenPGP.
> > I hope some day GnuPG will implement a workaround (e.g. limiting the
> > validity period of certificates to that of the certified key).
> Why is it a flaw?
If an attacker obtains your secret key, he can arbitrarily increase
the lifetime of the key, thus increasing its value.
> All I want is to extend the key without having to
> revoke and regenerating a key.
You can do that even if all certificates are invalidated along the
Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898