Renewing expired keys
Juan Miguel Navarro Martínez
juanmi.3000 at gmail.com
Sun Jan 15 22:17:39 CET 2017
On 2017-01-15 at 20:36, Rick Nakroshis wrote:
> List,
>
> Been a while since I used my GPG installation, and my keys have
> expired. Looking at the docs, I see how to set up an initial set of
> keys, but how about a follow-on set? Do I generate a new set with same
> email address, and sign them with my expired key to show they come from
> the same person? Not quite sure Suggestions/advice, please?
>
> Rick
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
If you want to keep the same keys (assuming they are still strong
enough) you can just extend its expiration date by editing your key with
`gpg[2] --edit-key (UID|KeyID|Fingerprint)` then use `expire` in `gpg>`
promt. If it has any subkeys, use `key n` (n = 1, 2, 3..) for all the
subkeys and use the `expire` command agan. Lastly `save` the changes.
Otherwise, you can also create a new master key and sign the new one
with the old one.
If you have a blog, personal or project's website or something that
people usually come to visit and know about your PGP keys, also make a
transtition statement signed with both keys telling which key you had,
which is the new one, their fringerprints and so on. Here are some examples:
http://fifthhorseman.net/key-transition-2007-06-15.txt
https://upsilon.cc/~zack/key-transition.2010.txt
https://vincent.bernat.im/en/blog/2012-gpg-transition-new-key.html
Lastly, revoke the old one if you aren't going to use it publicly anymore.
--
Juan Miguel Navarro Martínez
GPG Keyfingerprint:
5A91 90D4 CF27 9D52 D62A
BC58 88E2 947F 9BC6 B3CF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170115/9b2fbd07/attachment.sig>
More information about the Gnupg-users
mailing list