Expiration date of subkeys (retroactive)

Andrew Gallagher andrewg at andrewg.com
Sun Jan 1 19:17:41 CET 2023

On 1 Jan 2023, at 03:49, gnupg-users at aschoettler.com wrote:
> I have several GnuPG keys which I edited with KGpg.
> https://apps.kde.org/de/kgpg/
> Unfortunately, the subkeys were not taken into account when setting the expiry date.
> How can I retroactively edit my expired keys and expire the subkeys?

If your primary key is already expired, there’s not much advantage to be gained by explicitly expiring the subkeys. It’s conceptually tidier, but a subkey of an expired primary key is just as (in)valid either way. The expiry date of a subkey is meant to expire the subkey earlier that its primary; the inverse case (subkey expiring later than its primary) is meaningless - once the primary is expired the entire key should be considered expired, subkeys and all. The only exception might be if you are interacting with client software that doesn’t calculate validity correctly, and needs the extra hint.


More information about the Gnupg-users mailing list