Best practice for periodic key change?

Andreas Heinlein aheinlein at
Thu May 5 08:52:44 CEST 2011


I hope you can give me some advice on the following problem:

We have an OpenPGP key which we use for signing our software releases.
That key should be changed yearly and carry an expiration date to
enforce this change. However, for the signatures to be useful, the key
has to be signed by quite a lot of well-known people and institutions,
which means a considerable effort.

If we just regenerate the whole key every year, we would have to get all
these signatures again. I have a feeling that generating new subkeys
might be a solution, but I have never worked with subkeys before, so I
thought you could give me some advice on what would be the best thing to do.


More information about the Gnupg-users mailing list