Expiry and subkeys
CL Gilbert
Lamont_Gilbert@RigidSoftware.com
Sat Jun 7 03:13:04 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ben Finney wrote:
| Howdy all,
|
| I've reached a state of confusion over how to properly handle key
| expiry.
|
| When I initially set up my main key pair, I set an expiry date. That
| expiry date has passed, and I've created a new subkey with a new expiry
| date. However:
|
So your main key is still expired, but you made a sub key on that
expired key, which is not expired?
| I can't decrypt old messages from before the expiry date (i.e. encrypted
| to my old key).
|
What did you do with the original subkey?
| In the last week (long after the key expired) I now get errors when
| attempting to sign or encrypt; "no subkey for keyid DEADBEEF" where
| DEADBEEF is the expired subkey ID.
|
|
| How do I diagnose this -- what information do I need to give so someone
| can help me understand what's gone wrong?
|
| And, in the larger view, how should key expiry be handled, both at key
| creation and at the time the key expires?
|
sounds like you have done away with your original encrypting key. Do
you still have the original private key? You did not delete the expired
portion did you?
- --
L8r,
Carl L. Gilbert
Free Java interface to Freechess.org
http://www.rigidsoftware.com/Chess/chess.html
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE+4TxYVbJM14DSCi0RAhaiAKDdzdQ3zU2ba7JL7Q4tEU0lf5+YdACfTjyS
jBS9AAM5xG/5fpGxd6DaUP8=
=H6hI
-----END PGP SIGNATURE-----