[SATLUG] GPG Encryption Sub-Key Expired? Create a new one! But
carefully... ; )
tweeks at rackspace.com
Fri Oct 1 09:36:09 CDT 2010
If you were a apart of our original GPG keysigning party back in September of
2005, then it's very possible (if you created a 5yr ElGamal encryption key)
that your encrypting key has just recently expired.
If this is the case, then you're in a very sensitive place right now. If you
created your signing and encryption keys like we told you (a unlimited 1024
DSA signing key, and a 5yr 2048 or 4096bit ElGamal signing key), then all you
need do is create a new ElGamal encryption subkey (sub to your signing key).
To do this.. just follow the directions here:
And I think I'm going to recommend that the next meeting be another
key-signing party.. both for new folks who want to create and start using GPG
key pairs, or just for those who may have messed up and need to start over.
NOTE: If your encryption key HAVE expired.. don't just go and create a whole
new set of signing and encrypting keys with some GUI. In doing so you would
lose all those great signatures you've built up! If you just follow the
command line directions outlined in that URL, then you'll be able to safely
add a new sub-encryption key and be good to go. If your master DSA signing
key expired.. then you may be hosed (I don't know of a way to re-up an
Any other related thoughts or feedback?
Travis? You still on list or have any suggestions?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://www.satlug.org/pipermail/satlug/attachments/20101001/050e65b0/attachment.bin
More information about the SATLUG