> On 14 Oct 2016, at 19:11, g...@noffin.com wrote:
>> Hi there - pretty new with GPG, but have been getting going with it
>> without much issue. I'm just curious about a few best practices and so
>> on.
>> 1) Should you set an expiration on your secret key? Or do most people just
>> secure it appropriately (with no expiration)?
> Secret keys don't have expiration dates, only public keys. Best practice
> is to set an expiration date of a year or two in the future on the primary
> key, and either the same or shorter on your subkeys (I use the same expiry
> myself, for simplicity).
> The reason for this is that you may lose your secret material or forget
> your password, and you don't want stale keys hanging around on the
> internet forever with no indication that they are no longer usable.
>> 2) If you do have the secret key expire, and I have a backup of it (file
>> format) - And for some reason I forget to extend it before expiration -
>> can I still extend it?
> Yes. Just edit the public key and republish. The expiration date only
> informs other people that their software should stop using the key - it
> doesn't prevent you from doing anything.
> Andrew
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

So for clarification then:

If there are no expiry dates on secret keys, what does this output mean then?

#gpg --list-secret-keys

sec   2048R/xxxxxxxx 2014-10-30 [expires: 2017-10-31]

And my next question is then... When I exported my secret key and moved it
to another machine - why did the contents of the export to file change
between the extension of the expiration date? (I exported before and after
to test).

Thanks in advance!
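
Added example, not part of the original thread: in OpenPGP (RFC 4880, section 5.2.3.6) a key's expiry is stored as a Key Expiration Time subpacket in a self-signature, counted in seconds from the key's creation time, so extending the expiry adds a new self-signature and leaves the key material unchanged. The sketch below parses that subpacket from constructed, truncated signature bodies; the dates come from the listing above except the 2018 extension, which is made up, and `sample_selfsig` is a hypothetical helper.

```python
import struct
from datetime import datetime, timedelta, timezone

KEY_EXPIRATION = 9  # RFC 4880 5.2.3.6: seconds after key creation, 0 = never

def iter_subpackets(area: bytes):
    """Yield (type, data) for each subpacket in a signature subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                                # one-octet length
            length, i = first, i + 1
        elif first < 255 and i + 1 < len(area):        # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        elif first == 255 and i + 5 <= len(area):      # five-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        else:
            raise ValueError("truncated subpacket length")
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # mask off the critical bit
        i += length

def key_expiry(key_created: datetime, sig_body: bytes):
    """Expiry a v4 self-signature gives the key, or None for 'never expires'."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("not a version 4 signature packet body")
    (hashed_len,) = struct.unpack(">H", sig_body[4:6])
    if 6 + hashed_len > len(sig_body):
        raise ValueError("hashed subpacket area runs past the packet")
    for sp_type, data in iter_subpackets(sig_body[6:6 + hashed_len]):
        if sp_type == KEY_EXPIRATION and len(data) == 4:
            (seconds,) = struct.unpack(">I", data)
            return key_created + timedelta(seconds=seconds) if seconds else None
    return None

def sample_selfsig(sig_created, key_created, expires) -> bytes:
    """Constructed sample: v4 header plus hashed area only (no MPIs)."""
    def sp(sp_type, value):
        return bytes([5, sp_type]) + struct.pack(">I", value)
    area = (sp(2, int(sig_created.timestamp()))
            + sp(KEY_EXPIRATION, int((expires - key_created).total_seconds())))
    return bytes([4, 0x13, 1, 8]) + struct.pack(">H", len(area)) + area

UTC = timezone.utc
CREATED = datetime(2014, 10, 30, tzinfo=UTC)           # creation date from the listing
OLD_SIG = sample_selfsig(CREATED, CREATED, datetime(2017, 10, 31, tzinfo=UTC))
# Constructed: a later self-signature moving the expiry out by one year.
NEW_SIG = sample_selfsig(datetime(2016, 10, 14, tzinfo=UTC), CREATED,
                         datetime(2018, 10, 31, tzinfo=UTC))

if __name__ == "__main__":
    print(key_expiry(CREATED, OLD_SIG).date(), "->", key_expiry(CREATED, NEW_SIG).date())
```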
