Secret key Questions regarding expiration and backing up

gpg at noffin.com gpg at noffin.com
Sat Oct 15 00:49:37 CEST 2016


> On 14 Oct 2016, at 19:11, gpg at noffin.com wrote:
>>
>> Hi there - pretty new with GPG, but have been getting going with it
>> without much issue. I'm just curious about a few best practices and so
>> on.
>>
>> 1) Should you set an expiration on your secret key? Or do most people
>> just
>> secure it appropriately (with no expiration)?
>
> Secret keys don't have expiration dates, only public keys. Best practice
> is to set an expiration date of a year or two in the future on the primary
> key, and either the same or shorter on your subkeys (I use the same expiry
> myself, for simplicity).
>
> The reason for this is that you may lose your secret material or forget
> your password, and you don't want stale keys hanging around on the
> internet forever with no indication that they are no longer usable.
>
>> 2) If you do have the secret key expire, and I have a backup of it (file
>> format) - And for some reason I forget to extend it before expiration -
>> can I still extend it?
>
> Yes. Just edit the public key and republish. The expiration date only
> informs other people that their software should stop using the key - it
> doesn't prevent you from doing anything.
>
> Andrew
>


So for clarification then:

If there are no expiry dates on secret keys, what does this output mean then?

#gpg --list-secret-keys

<snip>
sec   2048R/xxxxxxxx 2014-10-30 [expires: 2017-10-31]
</snip>

And my next question is then... When I exported my secret key and moved it
to another machine - why did the contents of the export to file change
between the extension of the expiration date? (I exported before and after
to test).

Thanks in advance!
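Added example (not from this thread or from GnuPG itself): a minimal RFC 4880 packet walker that shows where a v4 key's expiration actually lives. The secret-key packet carries only the creation time; the expiry is a "Key Expiration Time" subpacket inside the self-signature, so extending the expiry re-issues that signature, and a secret-key export, which bundles the self-signatures, changes bytes even though the key material does not. The key blob below is a constructed stand-in with fake MPIs, not a real key; the packet framing is real.

```python
"""Where is the expiry in an OpenPGP v4 key?  Walk the packets and find out."""
import struct
from datetime import datetime, timezone

TAG_SIGNATURE, TAG_SECRET_KEY, TAG_PUBLIC_KEY, TAG_USER_ID = 2, 5, 6, 13
SUBPKT_SIG_CREATION, SUBPKT_KEY_EXPIRATION = 2, 9


def _read_length(buf, i):
    """New-format length (RFC 4880 4.2.2); partial body lengths not handled."""
    first = buf[i]
    if first < 192:
        return first, i + 1
    if first < 224:
        return ((first - 192) << 8) + buf[i + 1] + 192, i + 2
    if first == 255:
        return struct.unpack(">I", buf[i + 1:i + 5])[0], i + 5
    raise ValueError("partial body length not supported in this example")


def parse_packets(buf):
    """Return [(tag, body), ...], accepting old- and new-format headers."""
    i, out = 0, []
    while i < len(buf):
        ctb = buf[i]
        if not ctb & 0x80:
            raise ValueError("bad packet header at offset %d" % i)
        if ctb & 0x40:                       # new format: tag in low 6 bits
            tag = ctb & 0x3F
            length, i = _read_length(buf, i + 1)
        else:                                # old format: tag in bits 2..5
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate old-format length unsupported")
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(buf[i + 1:i + 1 + size], "big")
            i += 1 + size
        out.append((tag, buf[i:i + length]))
        i += length
    return out


def parse_subpackets(data):
    """Signature subpacket area -> {type: payload}; length includes the type byte."""
    i, subs = 0, {}
    while i < len(data):
        length, i = _read_length(data, i)
        subs[data[i] & 0x7F] = data[i + 1:i + length]   # mask the critical bit
        i += length
    return subs


def key_expiry(blob):
    """Expiry = primary key creation time + Key Expiration subpacket of the self-sig."""
    created = None
    for tag, body in parse_packets(blob):
        if tag in (TAG_SECRET_KEY, TAG_PUBLIC_KEY) and created is None:
            assert body[0] == 4, "only v4 key packets handled here"
            created = struct.unpack(">I", body[1:5])[0]
        elif tag == TAG_SIGNATURE and created is not None:
            hashed_len = struct.unpack(">H", body[4:6])[0]
            subs = parse_subpackets(body[6:6 + hashed_len])
            if SUBPKT_KEY_EXPIRATION in subs:
                secs = struct.unpack(">I", subs[SUBPKT_KEY_EXPIRATION])[0]
                return datetime.fromtimestamp(created + secs, timezone.utc)
    return None                              # no expiry set


def _pkt(tag, body):                         # new-format header, one-byte length
    assert len(body) < 192
    return bytes([0xC0 | tag, len(body)]) + body


def _subpkt(stype, payload):
    return bytes([1 + len(payload), stype]) + payload


def build_secret_key_export(created, expire_after, sig_created):
    """Constructed export: secret key + user ID + self-signature (fake MPIs)."""
    key = bytes([4]) + struct.pack(">I", created) + bytes([1])        # v4, time, RSA
    key += bytes([0, 8, 0xA5]) + bytes([0, 2, 0x03])                   # fake n, e
    secret = bytes([0, 4, 0x0B])                                       # fake d
    key += bytes([0]) + secret + struct.pack(">H", sum(secret) & 0xFFFF)  # S2K=0, checksum
    uid = b"Example User <user@example.invalid>"
    hashed = (_subpkt(SUBPKT_SIG_CREATION, struct.pack(">I", sig_created))
              + _subpkt(SUBPKT_KEY_EXPIRATION, struct.pack(">I", expire_after)))
    sig = (bytes([4, 0x13, 1, 8]) + struct.pack(">H", len(hashed)) + hashed
           + struct.pack(">H", 0) + b"\xAB\xCD" + bytes([0, 7, 0x5A]))  # fake sig MPI
    return _pkt(TAG_SECRET_KEY, key) + _pkt(TAG_USER_ID, uid) + _pkt(TAG_SIGNATURE, sig)


def changed_packet_tags(old, new):
    """Tags of packets whose bytes differ between two exports of the same key."""
    return [t1 for (t1, b1), (_, b2) in zip(parse_packets(old), parse_packets(new)) if b1 != b2]


CREATED = 1414627200                         # 2014-10-30 00:00:00 UTC (constructed)
DAY = 86400
before = build_secret_key_export(CREATED, 1097 * DAY, CREATED)          # expires 2017-10-31
after = build_secret_key_export(CREATED, 1097 * DAY + 730 * DAY, CREATED + 700 * DAY)

if __name__ == "__main__":
    print("expires:", key_expiry(before).date())
    print("packets that changed after extending:", changed_packet_tags(before, after))
```

Running it reports the expiry from the self-signature and that only the signature packet (tag 2) differs between the two exports; the secret-key packet is byte-identical. That is the mechanism behind both answers in the thread: the date `gpg --list-secret-keys` prints is read from the self-signature, and extending it rewrites that signature, which is why a re-exported secret key file no longer matches the earlier backup. Real exports may use ASCII armor and partial body lengths, which this example deliberately does not handle.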
