On 14 Oct 2016, at 19:11, g...@noffin.com wrote:
> Hi there - pretty new with GPG, but have been getting going with it
> without much issue. I'm just curious about a few best practices and so on.
> 1) Should you set an expiration on your secret key? Or do most people just
> secure it appropriately (with no expiration)?

Secret keys don't have expiration dates, only public keys. Best practice is to
set an expiration date of a year or two in the future on the primary key, and
either the same or shorter on your subkeys (I use the same expiry myself, for

The reason for this is that you may lose your secret material or forget your
password, and you don't want stale keys hanging around on the internet forever
with no indication that they are no longer usable.

> 2) If you do have the secret key expire, and I have a backup of it (file
> format) - And for some reason I forget to extend it before expiration -
> can I still extend it?

Yes. Just edit the public key and republish. The expiration date only informs
other people that their software should stop using the key - it doesn't prevent
you from doing anything.
Gnupg-users mailing list
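
Added example (not part of the original thread, and not GnuPG's code): a small Python model of why an expired key can still be extended. In OpenPGP (RFC 4880) the expiry is a "key expiration time" subpacket inside a self-signature on the public key, stored as seconds after key creation, and the RFC recommends that the most recent self-signature take precedence. The timestamps and subpacket areas are constructed sample data, and signature verification is assumed to have happened elsewhere.

```python
import struct

SIG_CREATED, KEY_EXPIRES = 2, 9  # RFC 4880 signature subpacket types

def parse_subpackets(area):
    """Parse an OpenPGP signature subpacket area into {type: data}."""
    out, i = {}, 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # 0xFF + four-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("malformed subpacket area")
        out[area[i] & 0x7F] = area[i + 1:i + length]  # mask the critical bit
        i += length                          # length counts the type octet
    return out

def effective_expiry(key_created, selfsig_areas):
    """Unix expiry time taken from the newest self-signature; None = never."""
    sigs = [parse_subpackets(a) for a in selfsig_areas]
    newest = max(sigs, key=lambda s: struct.unpack(">I", s[SIG_CREATED])[0])
    offset = struct.unpack(">I", newest.get(KEY_EXPIRES, b"\0" * 4))[0]
    return key_created + offset if offset else None  # offset is from key creation

def usable(key_created, selfsig_areas, now):
    expiry = effective_expiry(key_created, selfsig_areas)
    return expiry is None or now < expiry

def make_area(sig_time, expire_offset):
    """Constructed sample: creation-time and key-expiration subpackets only."""
    return (b"\x05\x02" + struct.pack(">I", sig_time)
            + b"\x05\x09" + struct.pack(">I", expire_offset))

DAY = 86400
KEY_CREATED = 1476403200                                # constructed: 2016-10-14 UTC
OLD = make_area(KEY_CREATED, 365 * DAY)                 # original one-year expiry
NEW = make_area(KEY_CREATED + 400 * DAY, 800 * DAY)     # renewal made after expiry
NOW = KEY_CREATED + 410 * DAY

if __name__ == "__main__":
    print("peer with stale copy:", usable(KEY_CREATED, [OLD], NOW))
    print("peer after republish:", usable(KEY_CREATED, [OLD, NEW], NOW))
```

A peer holding only the old self-signature keeps treating the key as expired until it fetches the republished public key, which is why the republish step matters.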