Why are my expiration dates different?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Oct 20 00:44:53 CEST 2016


On Wed 2016-10-19 12:16:23 -0400, gpg at noffin.com wrote:
> When I run the command:
>
> gpg --list-secret-keys
> <snip>
> /home/repo-owner/.gnupg/secring.gpg
> -----------------------------------
> sec   2048R/XXXXXXXXX 2014-10-30 [expires: 2016-10-29]
> </snip>
 [...]
> gpg --edit-key XXXXXXXXX
> gpg (GnuPG) 1.4.16; Copyright (C) 2013 Free Software Foundation, Inc.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Secret key is available.
>
> pub  2048R/XXXXXXXXX  created: 2014-10-30  expires: 2017-10-31  usage: SC

the difference here is looking at secret keys and public keys.  in
gpg version 1.4.x or 2.0.x, those are not well-synchronized.  the
expiration date seen in the pubring.gpg is the thing that any other user
will see, so that's the one to rely on.

in gpg version 2.1.x or later, the metadata is synchronized across
secret keys and publicly (more specifically, the view of the secret keys
shows the date that comes from the public keyring).

      --dkg



More information about the Gnupg-users mailing list