Extending Expiration dates of gnupg keys with the private key residing on a smart card

Johannes Graumann nonsense at graumannschaft.org
Mon Apr 10 10:46:57 CEST 2017


This is a retake of a stackexchange.com question, wheree so far noone
chimed in ... http://stackoverflow.com/q/43296285/2103880

I had setup a working smart card setup, where the local key ring solely
contained public subkeys and secret keys resided on a smart card.

Conservatively I set the expiration date to 1 year.

The setup worked nicely and as the keys approached there expiration
date, I proceeded as follows to attempt to extend their expiration

1) Kill running gpg-agent:
pkill gpg-agent

2) Import offline master key (backup):
gpg --import <KEYID>.master.key

3) Edit expiry of subkeys (pubkey):
gpg --expert --edit-key <KEYID>
- toggle keys 1, 2, 3 (sign, encrypt, authentication)
- expire: 1y
- save

4) Remove secret master keys:
gpg --delete-secret-keys <KEYID>

As a result the keys remain unavailable (expired?) to all means I
intent to use them with (kmail/kgpg/kleopatra, evolution/seahorse,

Where did I go wrong and how may I recover?

Thanks for any pointers.

Sincerely, Joh

More information about the Gnupg-users mailing list