
Re: GPG key expiry questions?



Richard Hector writes:
> On 14/03/18 15:50, likcoras wrote:
>> You can change the expiry date of your own key, but for other people to
>> be able to see it and avoid having your key show up as expired, you must
>> publish the new (key? signature? not sure...) and others must fetch it
>> before the expiry date hits.
>> 
>> I think what happened is that you edited the expiration date of your key
>> and published it, but the other person didn't get the updated version
>> before their copy of your key expired.
>
> Ah, that sounds plausible. I think I actually edited it after it had
> expired, so very likely, if that causes a problem. I have a newer one as
> well (4096 instead of 2048 bit) - though apparently with no signatures
> on it yet. Not sure if that will suffer the same problem? I can't
> remember if that one also expired and was posthumously edited ... If it
> hasn't actually been used much, will that mean nobody's got it 'cached'?

Editing the key is no problem; the other side just has to update their
copy from time to time.  But this is necessary anyway: if they do not
look for updates to the key, they will never know about key revocations
either and continue to trust a revoked key.

Just run `gpg --refresh-keys` from time to time.

Ansgar
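
Added example (not part of Ansgar's message): a shell function that reads `gpg --list-keys --with-colons` output and lists the public keys whose local copy is expired, revoked or close to expiry, which are the ones worth refreshing. The function names, the sample listing and its key IDs are constructed; dates are assumed to be epoch seconds, as GnuPG 2.x prints them.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Reads colon-format key listings on stdin and prints "KEYID STATUS" for
# every primary key whose *local copy* looks stale.
# usage: stale_keys NOW_EPOCH WARN_DAYS
# Real use: gpg --list-keys --with-colons | stale_keys "$(date +%s)" 30
stale_keys() {
    awk -F: -v now="$1" -v days="$2" '
        $1 == "pub" {
            # field 2 = validity, field 5 = key ID, field 7 = expiry date
            status = ""
            if ($2 == "r")
                status = "revoked"
            else if ($2 == "e" || ($7 != "" && $7 + 0 <= now + 0))
                status = "expired"
            else if ($7 != "" && $7 - now <= days * 86400)
                status = "expiring"
            if (status != "")
                print $5, status
        }'
}

# Constructed sample listing; key IDs and dates are made up.
sample_listing() {
    cat <<'EOF'
pub:e:2048:1:AAAAAAAAAAAAAAA1:1400000000:1500000000::-:::sc:
uid:e::::1400000000::::Constructed User One:
pub:-:4096:1:AAAAAAAAAAAAAAA2:1500000000:1521500000::-:::sc:
sub:-:4096:1:BBBBBBBBBBBBBBB2:1500000000:1521500000:::::e:
pub:r:2048:1:AAAAAAAAAAAAAAA3:1400000000:::-:::sc:
pub:f:4096:1:AAAAAAAAAAAAAAA4:1500000000:::-:::sc:
pub:u:4096:1:AAAAAAAAAAAAAAA5:1500000000:1600000000::u:::sc:
EOF
}

# 1521000000 is a constructed "now" (14 March 2018 UTC); warn 30 days ahead.
sample_listing | stale_keys 1521000000 30
```

An "expired" line only describes the copy in the local keyring: the owner may already have published a later expiry date, and only a refresh will show it.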

