expiring gpg keys

David Shaw dshaw at jabberwocky.com
Sun Jan 25 04:38:44 CET 2009


On Jan 24, 2009, at 4:46 PM, Faramir wrote:

> David Newman wrote:
>> Michael Lucas' gpg/pgp book recommends setting a relatively short
>> expiration time, such as a year, for personal keys.
>
>  Well... I am not sure if that is a good idea... since if your key
> expires, you need to exchange signatures again, and sometimes, it is
> hard to do a face to face meeting with all your contacts.

You don't have to do this if you don't want to. If you set an
expiration date and the key expires, you can always change the
expiration date to a further date in the future (i.e. 'un-expiring'
your key).

>   For GPG users, there is an alternative, to add a signing subkey, and
> to remove the main key, and work with the subkeys. The main key would be
> stored in a safe place, and would only be imported to sign other keys,
> or to generate new subkeys, as the old subkeys expire. That way, you
> don't need to go through the whole process of exchanging keys each year.

This is what I do, FWIW.

David
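
A check for the setup discussed above (primary key kept offline, everyday subkeys that expire), as an added example that is not part of the original post: it parses `gpg --list-secret-keys --with-colons` output and reports whether the primary secret key is absent from the keyring and which subkeys are expired or close to expiring. The `audit` function, the sample listing and the 30-day threshold are assumptions, and the field layout assumed is that of GnuPG 2.1 or later.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of `gpg --list-secret-keys --with-colons` output.
# Key IDs, dates and the user ID are made up for illustration.
SAMPLE = """\
sec:u:4096:1:1111111111111111:1230768000:::u:::cSC:::#:::23::0:
uid:u::::1230768000::::Alice Example <alice@example.invalid>::::::::::0:
ssb:u:2048:1:2222222222222222:1230768000:1262304000:::::s:::+:::23:
ssb:u:2048:1:3333333333333333:1230768000:1293840000:::::e:::+:::23:
"""

def audit(listing, now, warn_days=30):
    """Return (primary_offline, [(keyid, capabilities, status), ...]).

    Assumed colon-format fields: 5 = key ID, 7 = expiry (epoch seconds,
    empty if none), 12 = capabilities, 15 = '#' when only a stub of the
    secret key is present in the keyring.
    """
    primary_offline, subkeys = None, []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb"):
            continue
        f += [""] * (15 - len(f))          # tolerate short records
        if f[0] == "sec":
            primary_offline = f[14] == "#"
            continue
        if not f[6]:
            status = "no-expiry"
        else:
            left = datetime.fromtimestamp(int(f[6]), timezone.utc) - now
            if left <= timedelta(0):
                status = "expired"
            elif left <= timedelta(days=warn_days):
                status = "expiring"
            else:
                status = "ok"
        subkeys.append((f[4], f[11], status))
    return primary_offline, subkeys

if __name__ == "__main__":
    offline, subs = audit(SAMPLE, datetime(2009, 12, 15, tzinfo=timezone.utc))
    print("primary secret key offline:", offline)
    for keyid, caps, status in subs:
        print(keyid, caps, status)
```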



