[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: GPG key expiry questions?

Hi, Ansgar.

On 14/03/18 03:26, Ansgar Burchardt wrote:

>>> You can change the expiry date of your own key, but for other people to
>>> be able to see it and avoid having your key show up as expired, you must
>>> publish the new (key? signature? not sure...) and others must fetch it
>>> before the expiry date hits.
>>>
>>> I think what happened is that you edited the expiration date of your key
>>> and published it, but the other person didn't get the updated version
>>> before their copy of your key expired.

>> Ah, that sounds plausible. I think I actually edited it after it had
>> expired, so very likely, if that causes a problem. I have a newer one as
>> well (4096 instead of 2048 bit) - though apparently with no signatures
>> on it yet. Not sure if that will suffer the same problem? I can't
>> remember if that one also expired and was posthumously edited ... If it
>> hasn't actually been used much, will that mean nobody's got it 'cached'?

> Editing the key is no problem, the other side just has to update their
> copy from time to time.  But this is necessary anyway: if they do not
> look for updates to the key, they will never know about key revocations
> either and continue to trust a revoked key.
> 
> Just run `gpg --refresh-keys` from time to time.

Thanks for the suggestion. I have updated my keyring:
(spanish output)

------------------------------------------------------
viper@orion:~$ gpg --refresh-keys
gpg: refreshing 195 keys from hkp://keys.gnupg.net
(...)
gpg: clave B4A2F08FEC70168D: "Richard Hector <richard@walnut.gen.nz>" 9
firmas nuevas
(...)
gpg: Cantidad total procesada: 193
gpg:              sin cambios: 106
gpg:      nuevos identificativos: 29
gpg:            nuevas subclaves: 14
gpg:               nuevas firmas: 3201
gpg: public key C11141521FA7D0B8 is 74797 seconds newer than the signature
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: public key C11141521FA7D0B8 is 74797 seconds newer than the signature
gpg: nivel: 0  validez:   2  firmada:   0  confianza: 0-, 0q, 0n, 0m, 0f, 2u
------------------------------------------------------

GNUPG seems to have found 9 new signatures ('firmas' in spanish)  from
Richard.

The output in English would be something like this:

Total amount processed: 193
without changes: 196
new identifiers: 14
new subkeys: 14
new signatures: 3201

These 'signatures' are new public keys?

Still Thunderbird is showing the expired key. Should I restart it to
take the changes?

Kind regards,
Daniel

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: