encrypting to expired certificates

Doug Barton dougb at dougbarton.us
Tue Sep 16 19:06:47 CEST 2014

On 9/16/14 9:26 AM, Werner Koch wrote:
> On Tue, 16 Sep 2014 16:26, dkg at fifthhorseman.net said:
>> i've definitely seen people update their primary key's expiration date
>> and fail to update the expiration date of their subkey, so they have a
>> valid cert, but it still can't be used for encryption.  So they have to
> There needs to be warning in this case.  Can you please file a bug?

FWIW, I recently experienced that myself. The combination of knobs 
needed to select both the primary and the encryption sub key for 
updating the expiration was not intuitive, and I was quite surprised to 
see that when I updated the expiration date the first time that the 
subkey was not also updated. In fact I would not have known that at all 
if I hadn't done 'list-keys' after I edited the key just to be sure.

Doug (It's only paranoia if they're not actually out to get you) :)

More information about the Gnupg-users mailing list