primary key expiration and subkeys
Greg Troxel
gdt at lexort.com
Thu Jan 22 15:56:11 CET 2026
Ben Kibbey <bjk at luxsci.net> writes:
> Is it normal behavior to add a subkey whose expiration is after a
> primary key only to have the subkey be flagged as expired after the
> primary key expires? If so, it may be good to issue a warning during
> --edit-key that a subkey expiration is later than the primary since one
> would have to change the expiration of both the primary and subkeys to
> make use of them.

Functionally a subkey is signed by the primary key, sort of like chained
certificates in PKIX. So while the subkey might not be expired, it
can't be validated.

Agreed that a warning is in order.
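
The check discussed in this thread, as an added example that is not part of the original message and not GnuPG's own code: it reads `gpg --list-keys --with-colons` output and reports subkeys that nominally outlive their primary key, including subkeys with no expiration at all. The sample listing, key IDs and timestamps are constructed, and expiration fields are assumed to be epoch seconds.

```python
# Added example: flag subkeys whose expiration outlives their primary key.
# Colon-listing fields used: 1 = record type, 5 = key ID,
# 7 = expiration (assumed epoch seconds; empty means "never expires").

# Constructed sample listing (key IDs and timestamps are made up).
SAMPLE = """\
pub:u:255:22:AAAAAAAAAAAAAAAA:1700000000:1770000000::u:::scESC:::::ed25519:::0:
fpr:::::::::0000000000000000000000000000AAAAAAAAAAAA:
uid:u::::1700000000::0000::Constructed User <user@example.org>::::::::::0:
sub:u:255:18:BBBBBBBBBBBBBBBB:1700000000:1800000000:::::e:::::cv25519::
sub:u:255:22:CCCCCCCCCCCCCCCC:1700000000:1760000000:::::s:::::ed25519::
sub:u:255:22:DDDDDDDDDDDDDDDD:1700000000::::::s:::::ed25519::
"""


def parse_expiry(field):
    """Return expiration as int epoch seconds, or None for 'never expires'."""
    return int(field) if field else None


def subkeys_outliving_primary(listing):
    """Return [(primary_id, subkey_id, primary_exp, subkey_exp)] for every
    subkey that is still nominally unexpired after its primary has expired."""
    findings = []
    primary_id, primary_exp = None, None
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 7:
            continue
        if f[0] == "pub":
            # Each pub record starts a new key block; following subs belong to it.
            primary_id, primary_exp = f[4], parse_expiry(f[6])
        elif f[0] == "sub" and primary_id is not None:
            if primary_exp is None:
                continue  # a primary that never expires cannot be outlived
            sub_exp = parse_expiry(f[6])
            if sub_exp is None or sub_exp > primary_exp:
                findings.append((primary_id, f[4], primary_exp, sub_exp))
    return findings


if __name__ == "__main__":
    for pid, sid, pexp, sexp in subkeys_outliving_primary(SAMPLE):
        print(f"warning: subkey {sid} expires {sexp or 'never'}, "
              f"after primary {pid} ({pexp})")
```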