Best practices for obtaining a new GPG certificate
Werner Koch
wk at gnupg.org
Thu Mar 18 15:17:43 CET 2021
On Thu, 18 Mar 2021 00:06, David Mehler said:
> My existing GPG certificate is going to expire in less than a month.
> I'd like to know current best practices for obtaining a new one? In
Do you really want a new one? Usually it is easier to prolong your key.
By default a new key has an expire data so that unused keys and those
with forgotten passphrase will eventually expire. In general you just run
gpg --quick-set-expire FINGERPRING EXPIREDATE
Expire dat may be something like 5y for 5 years or an explicit date like
2024-12-31.
Here is an example
$ gpg -K A94A6DF8CDF934DB2BF98A46254A558A7E6D52D8
sec ed25519 2021-03-15 [SC] [expires: 2023-03-15]
A94A6DF8CDF934DB2BF98A46254A558A7E6D52D8
uid [ unknown] foo at example.de
ssb cv25519 2021-03-15 [E]
989ABB95E888956DBD5D7F66C376233B98457556
$ gpg --quick-set-expire A94A6DF8CDF934DB2BF98A46254A558A7E6D52D8 4y
$ gpg -K A94A6DF8CDF934DB2BF98A46254A558A7E6D52D8
sec ed25519 2021-03-15 [SC] [expires: 2025-03-17]
A94A6DF8CDF934DB2BF98A46254A558A7E6D52D8
uid [ unknown] foo at example.de
ssb cv25519 2021-03-15 [E]
989ABB95E888956DBD5D7F66C376233B98457556
Send the public key then to your peers, keyserver, web key directory, or
wherever.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210318/0b713e20/attachment.sig>
More information about the Gnupg-users
mailing list