On 14 Oct 2016, at 23:49, g...@noffin.com wrote:

> So for clarification then:
> If there are no expiry dates on secret keys, what does this output mean then?
> #gpg --list-secret-keys
> <snip>
> sec   2048R/xxxxxxxx 2014-10-30 [expires: 2017-10-31]
> </snip>

The expiry date shown here is just a copy of the one on the public key. It is 
checked by gnupg to prevent it making signatures with a secret key that has an 
expired public key (and which are therefore unverifiable by others). I suppose 
you could think of this as being the expiry of the secret key, but it is always 
the same as that of the public key and the one on the public key is the 
important one.

> And my next question is then... When I exported my secret key and moved it
> to another machine - why did the contents of the export to file change
> between the extension of the expiration date? (I exported before and after
> to test).

I'll defer to someone more expert than me on the internals, but my 
understanding is that a copy of some public key information (such as expiry 
dates) is kept in the corresponding secret key store, and this will be updated 
when the public key is edited.


Gnupg-users mailing list

Reply via email to