Using subkeys to renew an expiring key

SeidlS at schneider.com
Mon Aug 28 22:22:23 CEST 2006


I have been working on a process to encrypt data files and send them to other
organizations for processing.  As part of this process, we decided to set
our key to expire every year.  Last year we did not act before the key
expired and that same day added an additional subkey that would expire in
September, 2006.  We are now trying to be proactive and work to "renew"
the key and distribute it before it expires.

I have two questions regarding how to "renew" this key.
1) Is the correct way to renew the key to add another subkey that expires
in September, 2007, or is there a better way?
2) If we do add another subkey that expires in September, 2007, how well
will the two subkeys work together?  It's going to be difficult to get
everyone to convert to the updated key in the same day, so we won't be able
to revoke the subkey at the same time we generate the new one.  Another
way to say this: we may be encrypting a file with the subkey added, while
one or more organizations may be using the old key (without the new subkey)
and one or more organizations may be using the new key (with the new
subkey).  Will this work correctly?

Are there any other concerns that are being overlooked?


Thanks
Scott Seidl
Electronic Communication Services
seidls at schneider.com
Tel) 920-592-2163
