Thu Feb 21 16:28:01 2002
[S_ren] Hansen wrote/napisa=B3[a]/schrieb:
[Charset ISO-8859-1 unsupported, filtering to ASCII...]
> I've set an expiration date on my key.. When the time comes, where I'll
> have to generate a new key, what then?
> Which commands will I use?
> How will everybody know?
> How do I make sure I don't break any trust-relationsships that I've
> What will happen to other people's keys that I've signed?
> These may seem like stupid questions, but I'm still very new to this.
> It's my third day as a gnupg-user..
It is a controversal subject if you should make expiration date for
general-use keys at all.=20
I personally think you should not set expiration date on your primary key.
The rationale behind it is having new key again and again makes it hard for
your peers to extablish trust in your key, thus it is partially disruptive
to Web of Trust (which is feeble already and need not more disruptions), and
could be a mayor annoyance for your peers. If you want to change your keys
often, generate subkeys for encryption and signing then make them expirable
in time. This also solves the problem of signing other people's keys - you =
this with your main key and not with a subkey, so the signature won't
The command for generating a subkey is 'addsub', and for resetting expirati=
time is 'expire'. You enter both from within gpg --edit-key <your key>.
It is also important to have a prepared revocation certificate generated and
stored in a safe place in case you lose your secret keys. Standalone
revocations are short, you could even consider printing them out in case of
Hope this helps.
C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | | =
; (_O : +-------------------------------------------------------------+ --=
! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka=
=BFde z=B3o | l_|/=09
A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d=
no; | | =20