On 2017-01-15 at 20:36, Rick Nakroshis wrote: > List, > > Been a while since I used my GPG installation, and my keys have > expired. Looking at the docs, I see how to set up an initial set of > keys, but how about a follow-on set? Do I generate a new set with same > email address, and sign them with my expired key to show they come from > the same person? Not quite sure Suggestions/advice, please? > > Rick > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > If you want to keep the same keys (assuming they are still strong enough) you can just extend its expiration date by editing your key with `gpg[2] --edit-key (UID|KeyID|Fingerprint)` then use `expire` in `gpg>` promt. If it has any subkeys, use `key n` (n = 1, 2, 3..) for all the subkeys and use the `expire` command agan. Lastly `save` the changes.
Otherwise, you can also create a new master key and sign the new one with the old one. If you have a blog, personal or project's website or something that people usually come to visit and know about your PGP keys, also make a transtition statement signed with both keys telling which key you had, which is the new one, their fringerprints and so on. Here are some examples: http://fifthhorseman.net/key-transition-2007-06-15.txt https://upsilon.cc/~zack/key-transition.2010.txt https://vincent.bernat.im/en/blog/2012-gpg-transition-new-key.html Lastly, revoke the old one if you aren't going to use it publicly anymore. -- Juan Miguel Navarro Martínez GPG Keyfingerprint: 5A91 90D4 CF27 9D52 D62A BC58 88E2 947F 9BC6 B3CF
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
