Secret key Questions regarding expiration and backing up

Andrew Gallagher andrewg at andrewg.com
Fri Oct 14 23:01:49 CEST 2016


On 14 Oct 2016, at 19:11, gpg at noffin.com wrote:
> 
> Hi there - pretty new with GPG, but have been getting going with it
> without much issue. I'm just curious about a few best practices and so on.
> 
> 1) Should you set an expiration on your secret key? Or do most people just
> secure it appropriately (with no expiration)?

Secret keys don't have expiration dates, only public keys. Best practice is to set an expiration date of a year or two in the future on the primary key, and either the same or shorter on your subkeys (I use the same expiry myself, for simplicity). 

The reason for this is that you may lose your secret material or forget your password, and you don't want stale keys hanging around on the internet forever with no indication that they are no longer usable. 

> 2) If you do have the secret key expire, and I have a backup of it (file
> format) - And for some reason I forget to extend it before expiration -
> can I still extend it?

Yes. Just edit the public key and republish. The expiration date only informs other people that their software should stop using the key - it doesn't prevent you from doing anything.

Andrew
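As an added example (not part of the message above), one way to avoid forgetting to extend an expiry is to check the machine-readable key listing on a schedule. It reads `gpg --list-keys --with-colons` output, where field 1 is the record type, field 5 the key ID and field 7 the expiration time. The names `check_expiry` and `sample_listing`, and the key IDs and timestamps in the sample, are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag primary keys (pub) and subkeys (sub) that are expired,
# close to expiry, or have no expiry set, from gpg's colon-format listing.
# Real use: gpg --list-keys --with-colons | check_expiry "$(date +%s)" 30

# check_expiry NOW_EPOCH WARN_DAYS   (hypothetical helper; listing on stdin)
check_expiry() {
    awk -F: -v now="$1" -v warn="$2" '
        $1 == "pub" || $1 == "sub" {
            # Empty field 7 means the key never expires.
            if ($7 == "") { print $1, $5, "no-expiry"; next }
            # Only epoch seconds are handled; anything else is reported.
            if ($7 !~ /^[0-9]+$/) { print $1, $5, "unparsed"; next }
            days = int(($7 - now) / 86400)
            # An expired key can still be extended by its owner:
            # gpg --edit-key KEYID, then the "expire" command, then republish.
            if ($7 <= now)        print $1, $5, "expired"
            else if (days < warn) print $1, $5, "expires-in-" days "-days"
            else                  print $1, $5, "ok"
        }'
}

# Constructed sample listing (not real keys); uid/fpr records are ignored.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:1111111111111111:1445000000:1477342909::u:::scESC:
fpr:::::::::0000000000000000000000001111111111111111:
uid:u::::1445000000::::Example User <user@example.org>:
sub:e:4096:1:2222222222222222:1445000000:1470000000:::::e:
pub:u:4096:1:3333333333333333:1445000000:::u:::scESC:
sub:u:4096:1:4444444444444444:1445000000:1511038909:::::e:
EOF
}

# Demo with a fixed "now" so the result is reproducible.
sample_listing | check_expiry 1476478909 30
```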


