Expiry and subkeys

CL Gilbert Lamont_Gilbert@RigidSoftware.com
Sat Jun 7 03:13:04 2003

Hash: SHA1

Ben Finney wrote:
| Howdy all,
| I've reached a state of confusion over how to properly handle key
| expiry.
| When I initially set up my main key pair, I set an expiry date.  That
| expiry date has passed, and I've created a new subkey with a new expiry
| date.  However:

So your main key is still expired, but you made a sub key on that
expired key, which is not expired?

| I can't decrypt old messages from before the expiry date (i.e. encrypted
| to my old key).

What did you do with the original subkey?

| In the last week (long after the key expired) I now get errors when
| attempting to sign or encrypt; "no subkey for keyid DEADBEEF" where
| DEADBEEF is the expired subkey ID.
| How do I diagnose this -- what information do I need to give so someone
| can help me understand what's gone wrong?
| And, in the larger view, how should key expiry be handled, both at key
| creation and at the time the key expires?

sounds like you have done away with your original encrypting key.  Do
you still have the original private key?  You did not delete the expired
portion did you?

- --

Carl L. Gilbert
Free Java interface to Freechess.org
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16

Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org