On 14 Oct 2016, at 19:11, g...@noffin.com wrote:
> Hi there - pretty new with GPG, but have been getting going with it
> without much issue. I'm just curious about a few best practices and so on.
> 1) Should you set an expiration on your secret key? Or do most people just
> secure it appropriately (with no expiration)?

Secret keys don't have expiration dates, only public keys. Best practice is to 
set an expiration date of a year or two in the future on the primary key, and 
either the same or shorter on your subkeys (I use the same expiry myself, for 

The reason for this is that you may lose your secret material or forget your 
password, and you don't want stale keys hanging around on the internet forever 
with no indication that they are no longer usable. 

> 2) If you do have the secret key expire, and I have a backup of it (file
> format) - And for some reason I forget to extend it before expiration -
> can I still extend it?

Yes. Just edit the public key and republish. The expiration date only informs 
other people that their software should stop using the key - it doesn't prevent 
you from doing anything.


Gnupg-users mailing list
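
An added example, not part of the original message: a shell function that reads `gpg --list-keys --with-colons` output and reports which primary keys and subkeys have no expiry, have expired, or expire soon, so an extension is not forgotten. The function names `key_expiry_report` and `sample_listing` and the sample key listing are constructed for illustration.

```shell
#!/bin/sh
# Classify keys from `gpg --list-keys --with-colons` output by expiry.
# Colon-format fields used (GnuPG doc/DETAILS):
#   1 = record type, 5 = key ID, 7 = expiration date in seconds since the
#   epoch (empty means the key never expires).

# key_expiry_report NOW_EPOCH WARN_DAYS  < colon-listing
# Prints "<type> <keyid> <status>" for each primary key and subkey, where
# status is no-expiry, expired, expiring (within WARN_DAYS) or ok.
key_expiry_report() {
    awk -F: -v now="$1" -v days="$2" '
        $1 == "pub" || $1 == "sub" {
            expires = $7
            if (expires == "")                      status = "no-expiry"
            else if (expires + 0 <= now + 0)        status = "expired"
            else if (expires - now <= days * 86400) status = "expiring"
            else                                    status = "ok"
            print $1, $5, status
        }'
}

# Constructed sample listing: key IDs, dates and the user ID are made up.
sample_listing() {
    cat <<'EOF'
tru::1:1476468000:0:3:1:5
pub:e:4096:1:AAAAAAAAAAAAAAA1:1444932000:1476468000::u:::scESC::::::23::0:
uid:e::::1444932000::0000000000000000000000000000000000000000::Constructed User <user@example.org>::::::::::0:
sub:e:4096:1:AAAAAAAAAAAAAAA2:1444932000:1478000000::::::e::::::23:
pub:u:4096:1:BBBBBBBBBBBBBBB1:1444932000:::u:::scESC::::::23::0:
sub:u:4096:1:BBBBBBBBBBBBBBB2:1444932000:1539540000::::::e::::::23:
EOF
}

# Live use (not run here):
#   gpg --list-keys --with-colons | key_expiry_report "$(date +%s)" 30
# A key of your own reported as expired or expiring can be extended with the
# `expire` command inside `gpg --edit-key <keyid>`, then republished.
```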