Using subkeys to renew an expiring key

Qed qed at tiscali.it
Tue Aug 29 00:44:20 CEST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

On 08/28/2006 10:22 PM, SeidlS at schneider.com wrote:
> I have two questions regarding how to "renew" this key.
> 1) Is the correct way to renew the key to add another subkey that expires
> in September, 2007, or is there a better way?
This wouldn't renew your master key, you have to change expiration date
with 'expire' command from --edit-key shell.

> 2) If we do add another subkey that expires in September, 2007, how well
> will the two subkeys work together?  It's going to be difficult to get
> everyone to convert to the updated key in the same day, so we won't be able
> to revoke the subkey at the same time we generate the new one.   Another
> way to say this, we may be encrypting a file with the subkey added, while
> one or more organization may be using the old key (without the new subkey)
> and one or more organizations may be using the new key (with the new
> subkey).  Will this work correctly??
Unless you'd specify explicitely to use the old subkey, the most recent
one will be used; you can encrypt the message to both subkeys(if not
expired).
- --

  Q.E.D.
War is Peace
Freedom is Slavery
Ignorance is Strength

ICQ UIN: 301825501
OpenPGP key ID: 0x58D14EB3
Key fingerprint: 00B9 3E17 630F F2A7 FF96  DA6B AEE0 EC27 58D1 4EB3
Check fingerprints before trusting a key!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD4DBQFE83HEH+Dh0Dl5XacRA89rAJd+qlbECQ0HyJ69k6XctlAQX8F3AKCDB/qB
gHNulETqkC52SpdZkagOXg==
=1EKs
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list