Post by Anonymous
Post by David E. Ross
My key expired some time ago and I've made a new one. Can I sign the
new key with the old key so that people will see that it's still me
and not some imposter?
No, not as long as you do not update the expiry date.
Post by Anonymous
Post by David E. Ross
No, the expired key cannot be used for anything except to decrypt files
and messages that were encrypted by it before it expired.
Signatures can be checked too.
Post by Anonymous
Post by David E. Ross
The usual procedure is to set a calendar reminder on your computer that
the existing key will expire in a few weeks or a month. When reminded
about the pending expiration, generate a new key-pair
There is no need to generate a new key-pair if you only want to change
the expiry date.
Post by Anonymous
Post by David E. Ross
and sign the new
public key with the old key before the old key expires.
Okay, thanks for the information. I should have been paying better
attention.
So you mean it expired, but you did not want it to expire? As long as you
have the private key, you can set a new expiry date. The following link
gives detailed instructions.
http://www.g-loaded.eu/2010/11/01/change-expiration-date-gpg-key/
Post by Anonymous
I wonder if I should just leave the next gpg key as one that
never expires. I know the arguments for expiring them, but this latest
gaffe of mine breaks a chain.
Well, I don't know what your arguments are, but these are the two main
reasons:
- If you switch to a new (stronger) key, you can force others to use
that new key. As the old key expires others cannot use it to encrypt data
to you any more.
- You force people to update your key after a given time. That way you
can make sure they refresh your key with the revocation certificate if
you revoked your key. If your key never expires, people using the key may
never notice your key has been revoked...
The expiration date does not protect you in case your private key gets
compromised and you are unable to revoke it. That is because anyone
having your private key can set a new expiry date as shown in the link
above.
Post by Anonymous
Maybe I can come up with some idea that will allow me to have an
expiration date for a key but have that key still be something that
will allow continuity if I let it expire.
If I understand you correctly, updating the expiry date (even of an
expired key) as indicated above is what you want.
Post by Anonymous
Or I could try to get myself
to pay better attention to my key expiration date.
It is good to update your expiration date well in advance. That way
people using your key have a large time frame in which they can refresh
your key. For example, if you set it to expire in two years, do a yearly
update. That way people using your key can pick their own favorite moment
to update their keyring.
Arnold
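
The advice above about extending the expiry date well in advance can be turned into a periodic check. The following is an added example, not part of the original thread: it parses the machine-readable listing produced by `gpg --list-keys --with-colons` and reports which primary keys and subkeys are expired or inside a renewal window. The key IDs, dates and the 365-day default window are constructed for illustration.

```python
"""Flag OpenPGP keys whose expiry falls inside a renewal window."""
from datetime import datetime, timezone

# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1577836800:1735689600::u:::scESC::::::23::0:
uid:u::::1577836800::HASH::Example User <user@example.org>::::::::::0:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1577836800:1704067200:::::e::::::23:
pub:u:4096:1:CCCCCCCCCCCCCCCC:1577836800:::u:::scESC::::::23::0:
"""

def parse_ts(value):
    """Field 7 is epoch seconds, or ISO 8601 basic format if it contains 'T'."""
    if "T" in value:
        return datetime.strptime(value, "%Y%m%dT%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(value), tz=timezone.utc)

def expiry_report(colons, now, window_days=365):
    """Return (record, keyid, status, days_left) for every pub/sub record."""
    report = []
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 7:
            continue  # uid, fpr and other record types carry no key expiry
        keyid, expires = f[4], f[6]
        if not expires:
            # No expiry set: correspondents are never forced to refresh the key.
            report.append((f[0], keyid, "never-expires", None))
            continue
        days = (parse_ts(expires) - now).days
        if days < 0:
            status = "expired"      # can still be extended with the private key
        elif days <= window_days:
            status = "renew-now"    # extend and publish before it lapses
        else:
            status = "ok"
        report.append((f[0], keyid, status, days))
    return report

if __name__ == "__main__":
    # Fixed date so the constructed sample gives a stable result.
    for row in expiry_report(SAMPLE, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(*row)
```

To run it against a real keyring, pass the captured output of `gpg --list-keys --with-colons` and the current UTC time instead of the sample.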