[Discuss] Expired gpg key

Derek Martin invalid at pizzashack.org
Fri Oct 4 15:04:26 EDT 2013


On Fri, Oct 04, 2013 at 04:09:33AM -0400, John Abreau wrote:
> > On Thu, Oct 03, 2013 at 05:02:57AM -0400, John Abreau wrote:
> >> It should be noted that if the key is expired, then most likely all
> >> previous signatures on it are almost certainly also expired.
> > 
> > Signatures don't expire, though the keys used to sign them might...
> > but this may not be interesting depending on how you--and the people
> > you communicate with--manage your keys.  See below.
> 
> I had an expired key a number of years ago that I edited with gnupg
> to extend the expiration date, and when I listed the key afterward,
> *all* the signatures on the key were listed as having expired on the
> original expiration date of my key.  Was that just a bug in the way
> gnupg implements its --list-keys option?

Actually I'm wrong...  You can see the expiration dates of your key's
signatures by running:

  gpg --list-sigs --list-options show-sig-expire ...

OK, so the reason I've never seen this is something I mentioned in my
previous e-mail:  My signing key never expires.  By default, PGP/GPG
will set the expiration of signatures on your keys to the date of your
signing key expiration.

Incidentally, here's a blog post from someone who advocates that same
key management policy, with his reasoning:

  http://madduck.net/blog/2006.06.20:expiring-gpg/


-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.
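
The check described in the message above can also be scripted. The following is an added example, not part of the original post: it parses `gpg --list-sigs --with-colons` output and reports the signatures that carry an expiration date already in the past. The sample listing, key IDs and names are constructed, and the code assumes expiration dates are printed as epoch seconds in field 7 of each `sig` record.

```python
from datetime import datetime, timezone

# Constructed sample of `gpg --list-sigs --with-colons` output (not real keys).
# sig record fields used here: 5 = signer key ID, 7 = signature expiration,
# 11 = signature class. uid record field 10 = the user ID being certified.
SAMPLE = """\
pub:e:2048:1:AAAAAAAAAAAAAAAA:1262304000:1380585600::-:::sc:
uid:e::::1262304000::HASH::Alice Example (constructed) <alice@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1262304000:1380585600:::Alice Example (constructed) <alice@example.org>:13x:
sig:::1:BBBBBBBBBBBBBBBB:1293840000:1357084800:::Bob Example (constructed) <bob@example.org>:10x:
sig:::1:CCCCCCCCCCCCCCCC:1293840000::::Carol Example (constructed) <carol@example.org>:10x:
"""


def expired_sigs(colon_text, now):
    """Return (certified_uid, signer_keyid, expiry) for signatures expired at `now`.

    `now` is epoch seconds. Signatures with an empty expiration field never
    expire and are skipped.
    """
    found = []
    current_uid = None
    for line in colon_text.splitlines():
        fields = line.split(":")
        if fields[0] == "uid" and len(fields) > 9:
            current_uid = fields[9]          # sig records that follow certify this uid
        elif fields[0] == "sig" and len(fields) > 6 and fields[6]:
            if not fields[6].isdigit():      # assumption: epoch seconds only
                continue
            expiry = int(fields[6])
            if expiry <= now:
                when = datetime.fromtimestamp(expiry, tz=timezone.utc)
                found.append((current_uid, fields[4], when))
    return found


if __name__ == "__main__":
    now = 1380913466  # constructed "current time": 2013-10-04 UTC
    for uid, signer, when in expired_sigs(SAMPLE, now):
        print(f"{signer} on '{uid}' expired {when:%Y-%m-%d}")
```

To run it against a real keyring, feed the function the output of `gpg --list-sigs --with-colons` for the key in question instead of `SAMPLE`.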


