question about public keys

David Smith Dave.Smith at st.com
Thu Nov 7 12:08:33 CET 2013


On 11/06/13 23:57, Smith, Cathy wrote:
> Hi
> 
> A couple of years ago I created a gpg key for an account that is use to transfer documents with vendors.  It's worked fine.  We now have a new vendor that won't accept the public key because of the expiration date.  I don't see a way to create another public key for this account with the shorter expiration date.  Replacing the current public key will disrupt business with existing customers.  Is there a solution other than creating another account with its own gpg key?

You have a number of options:

1. Edit the expiration date of the existing key, and then re-circulate
it.  Vendors with the old key will be able to carry on working, the new
one can use the key with the shorter expiration date.  As it comes close
to expiration, you can re-edit the expiration date to extend it.
However, this might not suit your new client's requirements.

2. Generate a new keypair with the same email address as the old one,
and only send it to the new client.  However, if it gets circulated to
other clients, it might cause confusion over which key to use.  You can
generate a new keypair with "gpg --gen-key".

3. Depending on what your new client's objections are, it might be
sufficient to generate a new encryption subkey within your existing
master key.  The new subkey can have a different expiration date to the
master key.  Most of your existing clients will continue using the
existing encryption subkey with a long expiration date; the new client
can specifically choose to use the new subkey with a shorter expiration
date.  When the new subkey expires, you can simply create another one
with a new expiration date.  You can add a subkey by running "gpg
--edit-key <key_id>" and then running the command "addkey".

HTH...



More information about the Gnupg-users mailing list