Endpoint Encryption

 View Only
  • 1.  Question : If i extend my PGP key Pair Expiration date?

    Posted Oct 31, 2012 05:06 PM

    If I extend my PGP key Pair Expiration date using (pgp --set-expiration-date) , will the key work with the existing public key?

     

    I assume it does, but I am checking for sure.

     

    Thanks,Peter

     



  • 2.  RE: Question : If i extend my PGP key Pair Expiration date?
    Best Answer

    Posted Oct 31, 2012 06:01 PM

    If you change your key's expiration date, your key will now expire on whatever date you have set (unless you change it again).  If someone else has a copy of your public key with the old expiration date, they must update your public key (such as synching it with a key server that has an updated copy) to be able to encrypt to your public key after the  previous expiration date.



  • 3.  RE: Question : If i extend my PGP key Pair Expiration date?

    Posted Nov 21, 2012 03:00 AM

    Interesting. But how to change this as well for keys stored on USB tokens?

    Thanks!



  • 4.  RE: Question : If i extend my PGP key Pair Expiration date?

    Posted Nov 21, 2012 09:07 AM

    I would try it from the PGP Desktop All Keys window.  Of course, it would be necessary to have the token inserted.  I'm not a command line user of PGP, so can't help with this.



  • 5.  RE: Question : If i extend my PGP key Pair Expiration date?

    Posted Dec 21, 2012 11:12 PM

    HI Tom

    I have a subkey that is set to expire within the next 30days.  Instead of trying to move the expiration, if I create a new subkey - is that better?  Is there a preference?  Would have to send the client the public key again either way (new subkey or extend expiration of current subkey ).  Also - is it possible to just export the public key for the subkey? or is it a combination of the pair including the subkey?

    Thanks



  • 6.  RE: Question : If i extend my PGP key Pair Expiration date?

    Posted Dec 21, 2012 11:34 PM

    HI Tom

    I have a subkey that is set to expire within the next 30days.  Instead of trying to move the expiration, if I create a new subkey - is that better?  Is there a preference?  Would have to send the client the public key again either way (new subkey or extend expiration of current subkey ).  Also - is it possible to just export the public key for the subkey? or is it a combination of the pair including the subkey?

    Also just to re-iterate, if I extend the expiration of the key, the existing decryption for the clients should continue to work until the expiration date. right? They need to update the new public key before the expiration day.  Say it is expiring Jan 20 2013. I change the subkey expiration to Jan 20 2014. the existing public key for the client should continue to work until Jan 20 2013. is that right? They should update the new key by Jan 20 2013. Else it will fail on Jan 21 2013.

    Thanks

     



  • 7.  RE: Question : If i extend my PGP key Pair Expiration date?
    Best Answer

    Posted Dec 22, 2012 01:08 AM

    An encryption subkey can always be used to decrypt data, even if it is expired.  So you can create a new encryption subkey, and give your (updated) public key out, and people will encrypt data to your new encryption subkey, but you can continue to decrypt old, existing data with your expired subkey.  You will have to send out an updated version of your key even if you choose to update the expiration time, since otherwise your partners will have the "old" version that shows a soon-to-expire subkey, and they will not be able to encrypt to it (once the expiration date comes).

    You do not export just the public portion of the subkey.  You export your entire public key, and that will include the public portions of your subkeys.

    Have I answered your question?

    Regards,

     



  • 8.  RE: Question : If i extend my PGP key Pair Expiration date?

    Posted Dec 26, 2012 11:05 AM

    Wonderful. Yes you answered everything so well. Thanks so much! Happy Holidays & Have a wonderful New Years :-)

     

    Thanks again

     



  • 9.  RE: Question : If i extend my PGP key Pair Expiration date?

    Posted Dec 26, 2012 04:58 PM

    Related question...

    I tried to extend the expiration of my subkey

    pgp --set-expiration-date --expiration-date 2015-01-10 0x939E72AF --passphrase PASSWORD

    - I know that 0x939E72AF is the SUBKEY ID. But I get this message back

    0x939E72AF:set expire date (2002:key to edit not found)

    I do see the subkey in the fingerprint. I dont want to Change the expiration for the Key. Just this one SUBKEY needs to be extended . Can you please let me know what I am missing here?

    Many Thanks