Expiry Date

Jason Harris jharris@widomaker.com
Sun Apr 13 19:52:01 2003

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Apr 13, 2003 at 05:06:32PM +0100, Richard Ibbotson wrote:
> I'd like to update my subkey so that it never expires.  At the moment=20
> it looks like this...
> pub  1024D/E233C898  created: 2002-08-01 expires: never  trust:f/f
> sub  2048g/48F969EB  created: 2002-08-01 expires: 2003-08-01
> I've tried 'gpg --edit-key richard@sheflug.co.uk'.  But, when I try to=20
> change the date on the subkey by selecting the subkey with 'expire'=20
> gpg just selects the primary key and not the subkey.  If I try=20
> 'expire 2' it still doesn't work.

Type "key 1" to select (which puts a * by) the subkey, then proceed as usua=

> Any suggestions ?  I don't want to delete the subkey.  I'm afraid that=20
> I might not be able to put it back again.

You'd have to restore it from a backup to get it back, or all data
encrypted to it would be unreadable.  Revoking it or letting it expire
(and adding a new (encryption) subkey via 'addkey') would still let you
decrypt any data, however.

Also, since the public subkey is already on the keyservers (and presumably
otherwise in play), removing the private subkey from your keyring could
mean you can't revoke the subkey, so you'd only be able to let it expire.

(Will GPG revoke a subkey if the private portion isn't available?  (Adding
legitimacy (a popular word these days...) to a bogus subkey by revoking it
would seem counterintuitive, so one may argue that a valid binding sig. is
first required, but it would seem to be useful if a subkey is accidentally

Jason Harris          | NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web:  http://jharris.cjb.net/

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.1 (FreeBSD)