
How do PGP keys "expire"? [Resolved]

When creating a PGP key, you can choose when the key "expires". What does this mean and how does it work?


Question Credit: mngxyuiso
Asked September 10, 2019
Posted Under: Security
1 Answer

If your public key expires, it can't be used to encrypt. When you generate your private/public keys, you should generate a revocation certificate so you can immediately revoke if needed. If you have no expiry time and no revocation certificate, they can last forever.

As for how it works, quoting from https://www.gnupg.org/gph/en/manual/c235.html:

A key's expiration time is associated with the key's self-signature. The expiration time is updated by deleting the old self-signature and adding a new self-signature. Since correspondents will not have deleted the old self-signature, they will see an additional self-signature on the key when they update their copy of your key. The latest self-signature takes precedence, however, so all correspondents will unambiguously know the expiration times of your keys.


credit: LTPCGO
Answered September 10, 2019
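The precedence rule from the quoted manual passage, as an added example (not part of the original answer and not GnuPG's own code): it shows why a correspondent holding a stale copy of a key still treats it as expired until they refresh it. The `SelfSig` type, function names and dates are constructed for illustration, and the self-signatures are assumed to be already cryptographically verified.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional


@dataclass(frozen=True)
class SelfSig:
    """A verified self-signature (hypothetical model, not a GnuPG type)."""
    created: datetime                   # signature creation time
    key_validity: Optional[timedelta]   # Key Expiration Time subpacket; None = absent


def effective_expiry(key_created: datetime, selfsigs: List[SelfSig]) -> Optional[datetime]:
    """Return the expiry set by the latest self-signature, or None if the key never expires."""
    if not selfsigs:
        raise ValueError("no valid self-signature on key")
    latest = max(selfsigs, key=lambda s: s.created)   # latest self-signature wins
    # In OpenPGP the validity period counts from the KEY's creation time,
    # not the signature's; absent or zero means no expiration.
    if latest.key_validity is None or latest.key_validity == timedelta(0):
        return None
    return key_created + latest.key_validity


def usable_for_encryption(key_created: datetime, selfsigs: List[SelfSig], now: datetime) -> bool:
    """True if a sender holding these self-signatures would accept the key at `now`."""
    expiry = effective_expiry(key_created, selfsigs)
    return expiry is None or now < expiry


# Constructed sample: the owner extended the expiry from one year to two.
UTC = timezone.utc
KEY_CREATED = datetime(2018, 1, 1, tzinfo=UTC)
OLD_SIG = SelfSig(created=KEY_CREATED, key_validity=timedelta(days=365))
NEW_SIG = SelfSig(created=datetime(2018, 12, 1, tzinfo=UTC), key_validity=timedelta(days=730))
NOW = datetime(2019, 6, 1, tzinfo=UTC)

STALE_COPY = [OLD_SIG]               # correspondent never refreshed the key
REFRESHED_COPY = [OLD_SIG, NEW_SIG]  # old self-signature still present after update

if __name__ == "__main__":
    for label, sigs in (("stale", STALE_COPY), ("refreshed", REFRESHED_COPY)):
        print(label, effective_expiry(KEY_CREATED, sigs),
              usable_for_encryption(KEY_CREATED, sigs, NOW))
```
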