Hi, Ansgar. On 14/03/18 03:26, Ansgar Burchardt wrote: >>> You can change the expiry date of your own key, but for other people to >>> be able to see it and avoid having your key show up as expired, you must >>> publish the new (key? signature? not sure...) and others must fetch it >>> before the expiry date hits. >>> >>> I think what happened is that you edited the expiration date of your key >>> and published it, but the other person didn't get the updated version >>> before their copy of your key expired. >> Ah, that sounds plausible. I think I actually edited it after it had >> expired, so very likely, if that causes a problem. I have a newer one as >> well (4096 instead of 2048 bit) - though apparently with no signatures >> on it yet. Not sure if that will suffer the same problem? I can't >> remember if that one also expired and was posthumously edited ... If it >> hasn't actually been used much, will that mean nobody's got it 'cached'? > Editing the key is no problem, the other side just has to update their > copy from time to time. But this is necessary anyway: if they do not > look for updates to the key, they will never know about key revocations > either and continue to trust a revoked key. > > Just run `gpg --refresh-keys` from time to time. Thanks for the suggestion. I have updated my keyring: (spanish output) ------------------------------------------------------ viper@orion:~$ gpg --refresh-keys gpg: refreshing 195 keys from hkp://keys.gnupg.net (...) gpg: clave B4A2F08FEC70168D: "Richard Hector <richard@walnut.gen.nz>" 9 firmas nuevas (...) gpg: Cantidad total procesada: 193 gpg: sin cambios: 106 gpg: nuevos identificativos: 29 gpg: nuevas subclaves: 14 gpg: nuevas firmas: 3201 gpg: public key C11141521FA7D0B8 is 74797 seconds newer than the signature gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: public key C11141521FA7D0B8 is 74797 seconds newer than the signature gpg: nivel: 0 validez: 2 firmada: 0 confianza: 0-, 0q, 0n, 0m, 0f, 2u ------------------------------------------------------ GNUPG seems to have found 9 new signatures ('firmas' in spanish) from Richard. The output in English would be something like this: Total amount processed: 193 without changes: 196 new identifiers: 14 new subkeys: 14 new signatures: 3201 These 'signatures' are new public keys? Still Thunderbird is showing the expired key. Should I restart it to take the changes? Kind regards, Daniel
Attachment:
signature.asc
Description: OpenPGP digital signature