Renewing expiring key - done correctly?

Robert J. Hansen rjh at
Tue Dec 3 22:02:06 CET 2013

> PRIMARY QUESTIONS - I am uncertain about the sub-key.  When I  
> attempt to 'expire' it the date does not seem to change.

The first question I have is, "How did you attempt to 'expire' it?"

> SECONDARY QUESTION - is there documentation regarding 'best
> practices' on managing expiring keys and renewing via sub-keys?

Unfortunately, no.

There will certainly be well-meaning people who will speak up with  
their own idea of what the best practices for such a thing are.  I  
encourage skepticism.  Key management is at least 95% policy, and  
policy will vary from person to person and place to place based on  
each individual's perceptions of risks and risk mitigation strategies.

By all means listen to these opinions, but please be skeptical of  
thinking they are correct.  What makes sense for one person's risk  
profile may not make sense for yours.  There are very few universal  
truths here, and that makes attempts at compiling best practices  
extremely difficult.

