expiring gpg keys

Vlad "SATtva" Miller sattva at pgpru.com
Sat Jan 24 21:18:30 CET 2009


David Newman (25.01.2009 01:15):
> Michael Lucas' gpg/pgp book recommends setting a relatively short
> expiration time, such as a year, for personal keys.
> 
> Would an expired key still work into the future? If, for example, I
> sign/encrypt a file today using a key that expires next year, would I be
> able to decrypt the file three years from now?

While you keep the private key on the keyring, you may continue to use
it for decryption (and everybody else would be able to use the
corresponding public key for signature verification) even after it has
expired or been revoked. You, however, will not be able to use it for
signing, and others won't be able to encrypt data with the public key.

> I've been using a key that never expires to sign/encrypt mail and files
> on the assumption that keys with discrete lifetimes don't work after
> their expiration dates.
> 
> thanks
> 
> dn

-- 
SATtva | security & privacy consulting
www.vladmiller.info | www.pgpru.com
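
The behaviour described in the reply above can be checked on a scratch keyring. This is an added example, not part of the original message: it assumes GnuPG 2.1 or later, and the user ID, file names and the `expired_key_demo` function are constructed for illustration. It uses gpg's `--faked-system-time` option to evaluate a key that expires in one day as if three years had passed.

```sh
#!/bin/sh
# Added example. Assumes GnuPG 2.1 or later; key, user ID and messages are
# constructed and live in a throwaway keyring that is deleted at the end.
expired_key_demo() (
    command -v gpg >/dev/null 2>&1 || { echo "gpg not found" >&2; exit 2; }
    home=$(mktemp -d) || exit 2
    chmod 700 "$home"
    uid='Expiry Demo <demo@example.invalid>'
    g() {
        gpg --homedir "$home" --batch --quiet --no-tty --pinentry-mode loopback \
            --passphrase '' --trust-model always "$@" 2>/dev/null
    }
    # Primary key plus encryption subkey, expiring one day from now.
    g --quick-generate-key "$uid" default default 1d || { rm -rf "$home"; exit 3; }

    # Today, while the key is valid: encrypt one file to it and sign it.
    printf 'written before expiry\n' > "$home/msg.txt"
    g --recipient "$uid" --output "$home/msg.gpg" --encrypt "$home/msg.txt"
    g --local-user "$uid" --output "$home/msg.sig" --detach-sign "$home/msg.txt"

    # Three years on: gpg evaluates expiry against this faked clock.
    # $later is left unquoted below on purpose (option plus its argument).
    later="--faked-system-time $(( $(date +%s) + 3 * 365 * 86400 ))"

    if [ "$(g $later --decrypt "$home/msg.gpg")" = 'written before expiry' ]
    then echo "decrypt_old_message=ok"; else echo "decrypt_old_message=failed"; fi

    # GOODSIG or EXPKEYSIG both mean the signature itself checked out.
    if g $later --status-fd 1 --verify "$home/msg.sig" "$home/msg.txt" |
        grep -Eq '^\[GNUPG:\] (GOODSIG|EXPKEYSIG) '
    then echo "verify_old_signature=ok"; else echo "verify_old_signature=failed"; fi

    if g $later --local-user "$uid" --output "$home/new.sig" --detach-sign "$home/msg.txt"
    then echo "sign_new=ok"; else echo "sign_new=refused"; fi

    if g $later --recipient "$uid" --output "$home/new.gpg" --encrypt "$home/msg.txt"
    then echo "encrypt_new=ok"; else echo "encrypt_new=refused"; fi

    gpgconf --homedir "$home" --kill gpg-agent >/dev/null 2>&1
    rm -rf "$home"
)
```

Calling `expired_key_demo` prints one `name=result` line per operation.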



