Secret key Questions regarding expiration and backing up
gpg at noffin.com
gpg at noffin.com
Sat Oct 15 00:49:37 CEST 2016
> On 14 Oct 2016, at 19:11, gpg at noffin.com wrote:
>> Hi there - pretty new with GPG, but have been getting going with it
>> without much issue. I'm just curious about a few best practices and so
>> 1) Should you set an expiration on your secret key? Or do most people
>> secure it appropriately (with no expiration)?
> Secret keys don't have expiration dates, only public keys. Best practice
> is to set an expiration date of a year or two in the future on the primary
> key, and either the same or shorter on your subkeys (I use the same expiry
> myself, for simplicity).
> The reason for this is that you may lose your secret material or forget
> your password, and you don't want stale keys hanging around on the
> internet forever with no indication that they are no longer usable.
>> 2) If you do have the secret key expire, and I have a backup of it (file
>> format) - And for some reason I forget to extend it before expiration -
>> can I still extend it?
> Yes. Just edit the public key and republish. The expiration date only
> informs other people that their software should stop using the key - it
> doesn't prevent you from doing anything.
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
So for clarification then:
If there are no expiry dates on secret keys, what does this output mean then?
sec 2048R/xxxxxxxx 2014-10-30 [expires: 2017-10-31]
And my next question is then... When I exported my secret key and moved it
to another machine - why did the contents of the export to file change
between the extension of the expiration date? (I exported before and after
Thanks in advance!
More information about the Gnupg-users