Using subkeys to renew an expiring key

SeidlS at schneider.com SeidlS at schneider.com
Tue Aug 29 16:33:01 CEST 2006


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> On 08/28/2006 10:22 PM, SeidlS at schneider.com wrote:
> > I have two questions regarding how to "renew" this key.
> > 1) Is the correct way to renew the key to add another subkey that
expires
> > in September, 2007, or is there a better way?
> This wouldn't renew your master key, you have to change expiration date
> with 'expire' command from --edit-key shell.
>
> > 2) If we do add another subkey that expires in September, 2007, how
well
> > will the two subkeys work together?  It's going to be difficult to get
> > everyone to convert to the updated key in the same day, so we won't be
able
> > to revoke the subkey at the same time we generate the new one.
Another
> > way to say this, we may be encrypting a file with the subkey added,
while
> > one or more organization may be using the old key (without the new
subkey)
> > and one or more organizations may be using the new key (with the new
> > subkey).  Will this work correctly??
> Unless you'd specify explicitely to use the old subkey, the most recent
> one will be used; you can encrypt the message to both subkeys(if not
> expired).
> - --

How do you encrypt to both subkeys?  Is this an option turned on with the
GPG command, or does it mean actually running the input file through two
seperate GPG commands?

-Scott


>
>   Q.E.D.
> War is Peace
> Freedom is Slavery
> Ignorance is Strength
>
> ICQ UIN: 301825501
> OpenPGP key ID: 0x58D14EB3
> Key fingerprint: 00B9 3E17 630F F2A7 FF96  DA6B AEE0 EC27 58D1 4EB3
> Check fingerprints before trusting a key!
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
>
> iD4DBQFE83HEH+Dh0Dl5XacRA89rAJd+qlbECQ0HyJ69k6XctlAQX8F3AKCDB/qB
> gHNulETqkC52SpdZkagOXg==
> =1EKs
> -----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list