Expiry and subkeys

Ben Finney bignose@zip.com.au
Fri Jun 6 03:42:02 2003


--7gGkHNMELEOhSGF6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Howdy all,

I've reached a state of confusion over how to properly handle key
expiry.

When I initially set up my main key pair, I set an expiry date.  That
expiry date has passed, and I've created a new subkey with a new expiry
date.  However:

I can't decrypt old messages from before the expiry date (i.e. encrypted
to my old key).

In the last week (long after the key expired) I now get errors when
attempting to sign or encrypt; "no subkey for keyid DEADBEEF" where
DEADBEEF is the expired subkey ID.


How do I diagnose this -- what information do I need to give so someone
can help me understand what's gone wrong?

And, in the larger view, how should key expiry be handled, both at key
creation and at the time the key expires?

--=20
 \      "I bought a self learning record to learn Spanish. I turned it |
  `\        on and went to sleep; the record got stuck. The next day I |
_o__)                could only stutter in Spanish."  -- Steven Wright |
bignose@zip.com.au  F'print 9CFE12B0 791A4267 887F520C B7AC2E51 BD41714B

--7gGkHNMELEOhSGF6
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iEYEARECAAYFAj7f8aUACgkQt6wuUb1BcUva1gCgjrMwrCNteY2G4Lsamnn4gB7t
rccAn3BOcfMLZ/FdvsfMIPz1fl+p3iiW
=jl8O
-----END PGP SIGNATURE-----

--7gGkHNMELEOhSGF6--