Endpoint Encryption

  • 1.  Making a new pgp key for an expiring key

    Posted Aug 25, 2015 12:09 PM

    Forgive me, but I am fairly inexperienced with PGP.  I successfully created a key pair and have been using it for nearly 3 years.  But I have run into an issue. I extended the expiration date about a year ago, but now our partner wants us to create a new one with a 2 yr expiration date.

    So, I have a couple of questions regarding creating a new key before the current one expires.  We send multiple files to a bank many times a day.  When I installed PGP, I created the initial key pair, then extended the expiration date.  Now, it is set to expire in a few weeks, and they do not want me to extend the expiration date any more.  I want to keep using the old key while creating a new one for use once the bank gets it loaded.  The bank said it could take a few days and we don't want to interrupt our transmissions.  

    So, is it as simple as just doing a command --gen-key with a different user and passphrase than my initial key pair 2 years ago?  Keep in mind, again, I don't want to interfere with our current keys.  I would continue to send the bank files with our old key until they get it loaded.  Then a couple days before expiring, I would start using the new key.

    Then, once the expiration date passes and the bank has loaded our other key, would I do a --remove-key-pair command to remove my initial key pair leaving only our new one?

    Thank you in advance.

    Maddux



  • 2.  RE: Making a new pgp key for an expiring key

    Posted Aug 25, 2015 12:51 PM

    You have the process nearly right.  Don't remove the old keypair, as it can still be used to decrypt the old files even after it expires.  It simply will not be usable for encrypting new files.

    Once you generate the new keypair and send it to them, they will have another valid way to send you encrypted files.  You can use the same passphrase for your new key if desired, though normal practice would be to change it for the new key.

    Since they have a copy of your original public key, that key will expire, but you could still extend the life on your original key if you are using it for other transactions.  That would not affect the copy they have, so if you have additional vendors using your original key and do not wish to change it for them, that is another option.
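
    The rotation overlap discussed in this thread can be checked before the old key expires. The sketch below is an added example, not part of the original posts and not PGP Command Line code; the key labels, dates, two-day cutover margin and function names are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

@dataclass
class KeyPair:
    key_id: str                     # constructed label, not a real key ID
    expires: date                   # first day the key counts as expired
    partner_loaded: Optional[date]  # day the partner confirmed loading the public key

def usable(key: KeyPair, day: date) -> bool:
    """Usable for new transmissions: loaded by the partner and not yet expired."""
    return key.partner_loaded is not None and key.partner_loaded <= day < key.expires

def pick_key(keys: List[KeyPair], day: date, margin_days: int = 2) -> Optional[KeyPair]:
    """Stay on the current key until it is within margin_days of expiry, then cut over."""
    candidates = [k for k in keys if usable(k, day)]
    if not candidates:
        return None  # no key usable today: transmissions would be interrupted
    comfortable = [k for k in candidates if (k.expires - day).days > margin_days]
    return min(comfortable or candidates, key=lambda k: k.expires)

def coverage_gaps(keys: List[KeyPair], start: date, end: date) -> List[date]:
    """Days in [start, end] on which no key could be used for a new transmission."""
    day, gaps = start, []
    while day <= end:
        if pick_key(keys, day) is None:
            gaps.append(day)
        day += timedelta(days=1)
    return gaps

def retain_for_decryption(keys: List[KeyPair], day: date) -> List[str]:
    """Expired keys are kept, not removed: they still decrypt older files."""
    return [k.key_id for k in keys if k.expires <= day]

# Constructed sample dates: old key expiring soon, new key loaded on time or late.
OLD = KeyPair("old-key", date(2015, 9, 15), date(2012, 9, 15))
NEW_ON_TIME = KeyPair("new-key", date(2017, 9, 1), date(2015, 9, 1))
NEW_LATE = KeyPair("new-key", date(2017, 9, 1), date(2015, 9, 18))

if __name__ == "__main__":
    for d in (date(2015, 9, 5), date(2015, 9, 13), date(2015, 9, 20)):
        print(d, pick_key([OLD, NEW_ON_TIME], d).key_id)
    print("gaps if loaded late:",
          coverage_gaps([OLD, NEW_LATE], date(2015, 8, 25), date(2015, 9, 30)))
```

    If the partner loads the new key after the old one expires, `coverage_gaps` lists the days on which nothing could be sent, which is the interruption the overlap period is meant to avoid.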



  • 3.  RE: Making a new pgp key for an expiring key
    Best Answer

    Posted Aug 25, 2015 01:34 PM

    Thank you so much.  You have been most helpful.