Renewing expiring key - done correctly?

Eric Poellinger epoellinger at
Tue Dec 3 17:22:28 CET 2013

Hello all

This is my first experience with renewing GPG keys - I did some research but wanted to confirm an observation.

This is the key before issuing the 'expire' command:

pub  2048R/4A4DBDC7  created: 2012-01-13  expires: 2014-01-12  usage: SC
                     trust: ultimate      validity: ultimate
sub  2048R/0C0305EC  created: 2012-01-13  expires: 2014-01-12  usage: E

I did a 2 year expiration and the master key (4A4DBDC7 ) was updated as expected (to 2015-12-03)

PRIMARY QUESTIONS - I am uncertain about the sub-key.  When I attempt to 'expire' it the date does not seem to change.  Maybe you cannot expire a sub-key?  Maybe I do not need to care because we are not using it in our encryption commands??  FYI, this key is only with one trading partner, so managing the change is not difficult.  

SECONDARY QUESTION - is there documentation regarding 'best practices' on managing expiring keys and renewing via sub-keys --- my theory is that doing it this way minimizes the coordination necessary but I am not understanding how it works if you have multiple trading partners to coordinate with.

Thanks for everyone's time to read this!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20131203/78fc2b59/attachment.html>

More information about the Gnupg-users mailing list