Changing expiration time of subkeys

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jan 6 06:34:42 CET 2010 

Hi taurus--

On 01/05/2010 08:13 PM, taurus wrote:
> I am trying to change the expiration time of 2 sub-keys with no success.
> I edit the main key and with command expire I selected the uid(s) 

sub-keys are not bound to any particular uid ("user id"), but rather to
the primary key itself.  selecting any particular uid shouldn't have any
effect on any particular subkey.

> the result is this:
> 
> Secret key is available.
> 
> pub  4096R/C9CFBFA0  created: 2008-12-31  expires: never       usage: SC
>                      trust: ultimate      validity: ultimate
> sub  4096R/F2A8860E  created: 2008-12-31  expired: 2009-12-31  usage: E
>     ^^^^^^^^^^^                ^^^^^^^^^^^^^^
> sub  1024R/ED88A3D8  created: 2009-01-13  expires: 2010-01-13  usage: S
>     ^^^^^^^^^^^^                ^^^^^^^^^^^^^^       

The things you're underlining here (it's not really aligned using a
monospace font, so i'm not sure) appears to be the "created" field, not
the "expires" field.  this is confusing.

Looking at C9CFBFA0 on the public keyservers, i don't see your signing
subkey (ED88A3D8) on it at all.  is it possible that has not been
published?  (your jpeg UAT is also not published, afaict)

> And this key continues unavailable for signing or encrypting in Mail
> application.
> I can't figure what I'm doing wrong, any help is welcome.

i think the usual recommendation is to not bother updating expiration
dates on subkeys; just make a new subkey with the intended usage flags,
and set a new expiration date.  This should work fine for both signing-
and encryption-capable subkeys as long as you re-publish your entire
OpenPGP cert to the keyservers after adding the subkey, and your
correspondents know how to update their keyrings.

is there a reason that you need to keep any particular subkey in use?

hth,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100106/46cc378b/attachment.pgp>

More information about the Gnupg-users mailing list