Extending the key expiration date

[Florian Weimer]

Subba Rao <subba9@home.com> writes:
> > > Is it possible to edit the expiration date of the current key?
> > 
> > Yes, it's even possible without invalidating certificates.  This is a
> > known design flaw in OpenPGP.
> > 
> > I hope some day GnuPG will implement a workaround (e.g. limiting the
> > validity period of certificates to that of the certified key).

> Why is it a flaw? 

If an attacker obtains your secret key, he can arbitrarily increase
the lifetime of the key, thus increasing its value.

> All I want is to extend the key without having to
> revoke and regenerating a key.

You can do that even if all certificates are invalidated along the
way.

-- 
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898