Using subkeys to renew an expiring key
qed at tiscali.it
Tue Aug 29 00:44:20 CEST 2006
-----BEGIN PGP SIGNED MESSAGE-----
On 08/28/2006 10:22 PM, SeidlS at schneider.com wrote:
> I have two questions regarding how to "renew" this key.
> 1) Is the correct way to renew the key to add another subkey that expires
> in September, 2007, or is there a better way?
This wouldn't renew your master key, you have to change expiration date
with 'expire' command from --edit-key shell.
> 2) If we do add another subkey that expires in September, 2007, how well
> will the two subkeys work together? It's going to be difficult to get
> everyone to convert to the updated key in the same day, so we won't be able
> to revoke the subkey at the same time we generate the new one. Another
> way to say this, we may be encrypting a file with the subkey added, while
> one or more organization may be using the old key (without the new subkey)
> and one or more organizations may be using the new key (with the new
> subkey). Will this work correctly??
Unless you'd specify explicitely to use the old subkey, the most recent
one will be used; you can encrypt the message to both subkeys(if not
War is Peace
Freedom is Slavery
Ignorance is Strength
ICQ UIN: 301825501
OpenPGP key ID: 0x58D14EB3
Key fingerprint: 00B9 3E17 630F F2A7 FF96 DA6B AEE0 EC27 58D1 4EB3
Check fingerprints before trusting a key!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Gnupg-users