Changing expiration time of subkeys
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jan 6 06:34:42 CET 2010
On 01/05/2010 08:13 PM, taurus wrote:
> I am trying to change the expiration time of 2 sub-keys with no success.
> I edit the main key and with command expire I selected the uid(s)
sub-keys are not bound to any particular uid ("user id"), but rather to
the primary key itself. selecting any particular uid shouldn't have any
effect on any particular subkey.
> the result is this:
> Secret key is available.
> pub 4096R/C9CFBFA0 created: 2008-12-31 expires: never usage: SC
> trust: ultimate validity: ultimate
> sub 4096R/F2A8860E created: 2008-12-31 expired: 2009-12-31 usage: E
> ^^^^^^^^^^^ ^^^^^^^^^^^^^^
> sub 1024R/ED88A3D8 created: 2009-01-13 expires: 2010-01-13 usage: S
> ^^^^^^^^^^^^ ^^^^^^^^^^^^^^
The things you're underlining here (it's not really aligned using a
monospace font, so i'm not sure) appears to be the "created" field, not
the "expires" field. this is confusing.
Looking at C9CFBFA0 on the public keyservers, i don't see your signing
subkey (ED88A3D8) on it at all. is it possible that has not been
published? (your jpeg UAT is also not published, afaict)
> And this key continues unavailable for signing or encrypting in Mail
> I can't figure what I'm doing wrong, any help is welcome.
i think the usual recommendation is to not bother updating expiration
dates on subkeys; just make a new subkey with the intended usage flags,
and set a new expiration date. This should work fine for both signing-
and encryption-capable subkeys as long as you re-publish your entire
OpenPGP cert to the keyservers after adding the subkey, and your
correspondents know how to update their keyrings.
is there a reason that you need to keep any particular subkey in use?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 891 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users