Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

PGP Subkey Expiration Extension - error

Created: 26 Dec 2012 | 5 comments

Hi

 I'd like to extend the expiration of one of the subkeys. There is no expiration for the main key.

 pgp --set-expiration-date --expiration-date 2015-01-20 0x939E72AF --passphrase PASSWORD

- I know that 0x939E72AF is the SUBKEY ID. But I get this message back

0x939E72AF:set expire date (2002:key to edit not found)

I do see the subkey in the fingerprint. I dont want to Change the expiration for the Key. Just this one SUBKEY needs to be extended . Can you please let me know what I am missing here?

Should I provide the command as:

 pgp --set-expiration-date --expiration-date 2015-01-20 MAINKEYID --subkey SUBKEYID  --passphrase PASSWORD - Is this a valid syntax? I couldnt find any reference to it online.

- I want to confirm before i try this. Just to avoid any mishaps as this is in PROD.

Many Thanks

 

 

Comments 5 CommentsJump to latest comment

dfinkelstein's picture

Yes, that syntax should work.  Operations on subkeys require you specify the KeyID of the "top" key, and you then specify the subkey using the --subkey option.

I'm sorry this is not clear in the documentation.

Regards,

 

--------

David Finkelstein

Symantec R&D

Mylapore's picture

Hi

When I use

"pgp --set-expiration-date --expiration-date 2015-01-20 MAINKEYID --subkey SUBKEYID --passphrase PASSWORD" , it does change the expiration date of the subkey BUT ALSO changes the Expiration of the MAINKEY. The main key does NOT have an expiration. I dont want the MAINKEY to expire.

I just want to change the subkey expiration. Is that Possible? I had to remove the expiration of the MAINKEY. That in turn removed the expiration on the SUBKEY.

:-(  Can you please suggest?  This is used by a Various # of Clients. I Just want to change the Expiration of ONE subkey. Is that possible?  Now, since when I removed the expiration of the main key it also removed the subkey's expiration date, how can I reset it to the original expiration date?

What are my options here?

Here is the list used:

pgp --list-key-details

-> Main Key does not have expiration. One of the subkeys is to expire Jan 10

-> Tried to extend expiration of the subkey

"pgp --set-expiration-date --expiration-date 2015-01-20 MAINKEYID --subkey SUBKEYID --passphrase PASSWORD"
-> This changed the subkey expiration. The main key expiration changed from 'Never' to 2015-01-20 as well.

-> wanted to remove the expiration from main key

pgp --remove-expiration-date MAINKEYID --passphrase PASSWORD

-> This removed the expiration from the subkeys as well> Now all is subkey expiration is set to NEVER.

I just want to get the ONE SUBKEY expiration SET to 2015.

Thanks

 

 

dfinkelstein's picture

Hm this may actually be a limitation... let me look into this some more.

--------

David Finkelstein

Symantec R&D

Mylapore's picture

Hi David

Any idea? The expiration date is nearing & the process to get this going takes time as well. Please let me know. I am gearing towards creating a new subkey and sending it otherwise. But the current one got reset to NO expiration as well. Is there a way to set JUST THE SUBKEY expiration date? as I said when I tried the command, it set the expiration date on the main Key too and thats is not what is needed.

Thanks & Happy New Years!

Mylapore's picture

Thanks David. Can you please keep me updated? Appreciate that.

Regards