Extending the key expiration date

Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
Wed Sep 5 20:21:02 2001


Subba Rao <subba9@home.com> writes:

> > > Is it possible to edit the expiration date of the current key?
> >
> > Yes, it's even possible without invalidating certificates. This is a
> > known design flaw in OpenPGP.
> >
> > I hope some day GnuPG will implement a workaround (e.g. limiting the
> > validity period of certificates to that of the certified key).

> Why is it a flaw?
If an attacker obtains your secret key, he can arbitrarily increase the lifetime of the key, thus increasing its value.
> All I want is to extend the key without having to
> revoke and regenerating a key.
You can do that even if all certificates are invalidated along the way. -- Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898