[SATLUG] GPG Encryption Sub-Key Expired? Create a new one! But carefully... ; )

Tweeks tweeks at rackspace.com
Fri Oct 1 09:36:09 CDT 2010


If you were a apart of our original GPG keysigning party back in September of 
2005, then it's very possible (if you created a 5yr ElGamal encryption key) 
that your encrypting key has just recently expired.

If this is the case, then you're in a very sensitive place right now.  If you 
created your signing and encryption keys like we told you (a unlimited 1024 
DSA signing key, and a 5yr 2048 or 4096bit ElGamal signing key), then all you 
need do is create a new ElGamal encryption subkey (sub to your signing key).

To do this.. just follow the directions here:
https://wiki.slugbug.org.uk/GPG#Generating_a_new_encryption_sub-key

And I think I'm going to recommend that the next meeting be another 
key-signing party.. both for new folks who want to create and start using GPG 
key pairs, or just for those who may have messed up and need to start over.

NOTE: If your encryption key HAVE expired.. don't just go and create a whole 
new set of signing and encrypting keys with some GUI.  In doing so you would 
lose all those great signatures you've built up!  If you just follow the 
command line directions outlined in that URL, then you'll be able to safely 
add a new sub-encryption key and be good to go.  If your master DSA signing 
key expired.. then you may be hosed (I don't know of a way to re-up an 
expired key).

Any other related thoughts or feedback?

Travis?  You still on list or have any suggestions?

Tweeks

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://www.satlug.org/pipermail/satlug/attachments/20101001/050e65b0/attachment.bin


More information about the SATLUG mailing list