Renewing expiring key - done correctly?
Eric Poellinger
epoellinger at yahoo.com
Tue Dec 3 17:22:28 CET 2013
Hello all
This is my first experience with renewing GPG keys - I did some research but wanted to confirm an observation.
This is the key before issuing the 'expire' command:
pub 2048R/4A4DBDC7 created: 2012-01-13 expires: 2014-01-12 usage: SC
trust: ultimate validity: ultimate
sub 2048R/0C0305EC created: 2012-01-13 expires: 2014-01-12 usage: E
I did a 2 year expiration and the master key (4A4DBDC7 ) was updated as expected (to 2015-12-03)
PRIMARY QUESTIONS - I am uncertain about the sub-key. When I attempt to 'expire' it the date does not seem to change. Maybe you cannot expire a sub-key? Maybe I do not need to care because we are not using it in our encryption commands?? FYI, this key is only with one trading partner, so managing the change is not difficult.
SECONDARY QUESTION - is there documentation regarding 'best practices' on managing expiring keys and renewing via sub-keys --- my theory is that doing it this way minimizes the coordination necessary but I am not understanding how it works if you have multiple trading partners to coordinate with.
Thanks for everyone's time to read this!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20131203/78fc2b59/attachment.html>
More information about the Gnupg-users
mailing list