expiring gpg keys

Faramir faramir.cl at gmail.com
Sat Jan 24 22:46:18 CET 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

David Newman wrote:
> Michael Lucas' gpg/pgp book recommends setting a relatively short
> expiration time, such as a year, for personal keys.

  Well... I am not sure if that is a good idea... since if your key
expires, you need to exchange signatures again, and sometimes, it is
hard to do a face-to-face meeting with all your contacts.

   For GPG users, there is an alternative, to add a signing subkey, and
to remove the main key, and work with the subkeys. The main key would be
stored in a safe place, and would only be imported to sign other keys,
or to generate new subkeys, as the old subkeys expire. That way, you
don't need to go through the whole process of exchanging keys each year.

   There is a tutorial about how to do that, but I have not followed it
(yet)... currently I try to keep my machine secure, and that's all.

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

-----END PGP SIGNATURE-----
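
A check for the layout described in the message above (primary key kept offline, expiring subkeys for daily use), as an added example that is not part of the original post. It assumes the GnuPG 2.1+ `--with-colons` listing format, in which field 15 is `#` for a secret key that is only a stub; the function name `audit_keyring` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a machine's secret keyring for the offline-primary layout.
# Input: output of `gpg --list-secret-keys --with-colons` (GnuPG 2.1+ assumed).
# Fields used: 1 record type, 5 key ID, 7 expiry (epoch seconds),
#              12 capabilities, 15 "#" when only a stub of the secret key exists.

# usage: gpg --list-secret-keys --with-colons | audit_keyring [NOW_EPOCH] [WARN_DAYS]
# Returns non-zero if the primary secret key is present or a usable subkey expired.
audit_keyring() {
    awk -F: -v now="${1:-$(date +%s)}" -v warn="${2:-30}" '
    $1 == "sec" {
        if ($15 == "#")
            print "OK primary " $5 " secret part not on this machine"
        else {
            print "FAIL primary " $5 " secret part is on this machine"
            bad = 1
        }
    }
    # Only subkeys whose secret part is really here matter for daily use.
    $1 == "ssb" && $15 != "#" {
        if ($7 == "") {
            print "WARN subkey " $5 " [" $12 "] has no expiry"
            next
        }
        days = int(($7 - now) / 86400)
        if ($7 + 0 <= now + 0) {
            print "FAIL subkey " $5 " [" $12 "] expired"
            bad = 1
        } else if (days < warn + 0)
            print "WARN subkey " $5 " [" $12 "] expires in " days " days"
        else
            print "OK subkey " $5 " [" $12 "] expires in " days " days"
    }
    END { exit bad + 0 }'
}

# Constructed sample listing (key IDs and dates are made up): primary key is a
# stub, one signing and one encryption subkey are present with expiry dates.
SAMPLE_LISTING='sec:u:4096:1:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:::#:::23::0:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1700000000:1751000000:::::s:::+:::23:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1700000000:1780000000:::::e:::+:::23:'

# Evaluate the sample as of a fixed date so the result is reproducible.
printf '%s\n' "$SAMPLE_LISTING" | audit_keyring 1750000000 30
```

A `WARN` line is the cue to fetch the offline primary key and issue new subkeys before the old ones lapse.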


