> On 14 Oct 2016, at 19:11, g...@noffin.com wrote:
>>
>> Hi there - pretty new with GPG, but have been getting going with it
>> without much issue. I'm just curious about a few best practices and so
>> on.
>>
>> 1) Should you set an expiration on your secret key? Or do most people
>> just secure it appropriately (with no expiration)?
>
> Secret keys don't have expiration dates, only public keys. Best practice
> is to set an expiration date of a year or two in the future on the primary
> key, and either the same or shorter on your subkeys (I use the same expiry
> myself, for simplicity).
>
> The reason for this is that you may lose your secret material or forget
> your password, and you don't want stale keys hanging around on the
> internet forever with no indication that they are no longer usable.
>
>> 2) If you do have the secret key expire, and I have a backup of it (file
>> format) - And for some reason I forget to extend it before expiration -
>> can I still extend it?
>
> Yes. Just edit the public key and republish. The expiration date only
> informs other people that their software should stop using the key - it
> doesn't prevent you from doing anything.
>
> Andrew
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
So for clarification then: If there are no expiry dates on secret keys,
what does this output mean then?

#gpg --list-secret-keys
<snip>
sec 2048R/xxxxxxxx 2014-10-30 [expires: 2017-10-31]
</snip>

And my next question is then... When I exported my secret key and moved it
to another machine - why did the contents of the export to file change
between the extension of the expiration date? (I exported before and after
to test).

Thanks in advance!