Sun Apr 13 19:52:01 2003
Content-Type: text/plain; charset=us-ascii
On Sun, Apr 13, 2003 at 05:06:32PM +0100, Richard Ibbotson wrote:
> I'd like to update my subkey so that it never expires. At the moment=20
> it looks like this...
> pub 1024D/E233C898 created: 2002-08-01 expires: never trust:f/f
> sub 2048g/48F969EB created: 2002-08-01 expires: 2003-08-01
> I've tried 'gpg --edit-key email@example.com'. But, when I try to=20
> change the date on the subkey by selecting the subkey with 'expire'=20
> gpg just selects the primary key and not the subkey. If I try=20
> 'expire 2' it still doesn't work.
Type "key 1" to select (which puts a * by) the subkey, then proceed as usua=
> Any suggestions ? I don't want to delete the subkey. I'm afraid that=20
> I might not be able to put it back again.
You'd have to restore it from a backup to get it back, or all data
encrypted to it would be unreadable. Revoking it or letting it expire
(and adding a new (encryption) subkey via 'addkey') would still let you
decrypt any data, however.
Also, since the public subkey is already on the keyservers (and presumably
otherwise in play), removing the private subkey from your keyring could
mean you can't revoke the subkey, so you'd only be able to let it expire.
(Will GPG revoke a subkey if the private portion isn't available? (Adding
legitimacy (a popular word these days...) to a bogus subkey by revoking it
would seem counterintuitive, so one may argue that a valid binding sig. is
first required, but it would seem to be useful if a subkey is accidentally
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
firstname.lastname@example.org | web: http://jharris.cjb.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
-----END PGP SIGNATURE-----