137

What is the best way to renew a gpg key pair when it got expired and what is the reason for the method?

The key pair is already signed by many users and available on public servers.

  • Should the new key be a subkey of the expired private key?

  • Should it be signed by the old (I could try to edit the key and change the date of expiration to tomorrow)?

  • Should the new key sign the old?

Jonas Stein
  • 4,078
  • 4
  • 36
  • 55

3 Answers3

176

Private keys never expire. Only public keys do. Otherwise, the world would never notice the expiration as (hopefully) the world never sees the private keys.

For the important part, there is only one way, so that saves a discussion about pros and cons.

You have to extend the validity of the main key:

gpg --edit-key 0x12345678
gpg> expire
...
gpg> save

You have to make a decision about extending validity of vs. replacing the subkey(s). Replacing them gives you limited forward security (limited to rather large time frames). If that is important to you then you should have (separate) subkeys for both encryption and signing (the default is one for encryption only).

gpg --edit-key 0x12345678
gpg> key 1
gpg> expire
...
gpg> key 1
gpg> key 2
gpg> expire
...
gpg> save

You need key 1 twice for selecting and deselecting because you can extend the validity of only one key at a time.

You could also decide to extend the validity unless you have some reason to assume the key has been compromised. Not throwing the whole certificate away in case of compromise makes sense only if you have an offline main key (which IMHO is the only reasonable way to use OpenPGP anyway).

The users of your certificate have to get its updated version anyway (either for the new key signatures or for the new key(s)). Replacing makes the key a bit bigger but that is not a problem.

If you use smartcards (or plan to do so) then having more (encryption) keys creates a certain inconvenience (a card with the new key cannot decrypt old data).

Jeff Schaller
  • 67,283
  • 35
  • 116
  • 255
Hauke Laging
  • 90,279
  • 3
    I hit this: 
    Need the secret key to do this.```

Any ideas how to get around this?
    – Felix Jan 11 '17 at 13:09
  • 12
    @Felix You don't get around the need for private keys. That is the base of PK cryptography. – Hauke Laging Jan 12 '17 at 14:21
  • 21
    Ironic that keys are renewed with "expire" – David Costa Dec 06 '17 at 13:38
  • 7
    I believe the expire command actually walks you through setting the expiry time on a key, so perhaps you "renew" the key by just setting the expiry time further into the future? – Viktor Haag Jan 21 '18 at 16:41
  • 6
    I can also select multiple keys (or all with key *) and set expiration for all. – Golar Ramblar Feb 11 '21 at 17:48
  • 1
    @GolarRamblar How nice that over the course of six years software does make progress... – Hauke Laging Feb 16 '21 at 06:20
  • Its more like key 0 key 1 because the numerotation begins at zero. – Sandburg Mar 05 '22 at 14:54
  • If private keys never expire, why are those subkeys (ssb) types with an expiration date? I do understand the reason behind that, but as far as I'm concerned those subkeys (ssb) are secret subkeys...and it's possible to set an expiration date for them. – x80486 May 29 '22 at 01:36
  • 1
    @x80486 Secret keys (main keys, too) are always(?) shown with their expiration date. For convenience. Why wouldn't you? That the date is stored in the related public key does not matter to the UI. – Hauke Laging May 29 '22 at 12:40
  • So is the second example for replacing the subkeys? Is that also done with expire? – Iizuki Aug 16 '23 at 05:55
  • @Iizuki Indeed. Both key categories are handled with expire (would seem odd to me to have different commands). – Hauke Laging Aug 19 '23 at 15:01
5

Adding to "Hauke Linging"s answer, there is an option available from gpg 2.1.22* onward where you can extend a primary key or its non-revoked, non-expired subkeys with a single non-interactive command.

It has 3 forms (the first parameter is always the key-fingerprint, and the second is always the expiry period, eg. 8w for 8 weeks):

  • 2 parameters: extend secret key by period
  • 3 parameters where the 3rd is an asterisk (*): expire all non-revoked, non-expired subkeys of the primary secret key
  • 3 or more parameters where the 3rd onward are specific subkey fingerprints: expire the specified subkeys of the primary secret key

Example for the *-form:

gpg --quick-set-expire <1> <2> <3>

meaning:

<1> fingerprint of your key (from gpg --list-secret-keys)
<2> how long you would like to extend the expiration period
<3> * is for every subkey e.g.:

gpg --quick-set-expire 7BCDED693SECRETKEY1552ACB71237 7w \*

* --quick-set-expire is available for primary keys only from version 2.1.17.

Ian Mackinnon
  • 701
MacMartin
  • 2,924
3

It seems you mixed up two things: replacing the old keypair with a new one, and changing expiry date.

Basically, there should be no need to create a new keypair: if you still have the old one, you can "extend" its lifetime by changing expiry date and publishing updated key. This is completely normal and expected.

The deal with expiration date is to make sure that if you loose your key (e.g. forget the passphrase - I'm not talking about the key getting compromised, in that case you'd want to revoke it immediately) it won't keep dangling in the open forever.

Jan Warchoł
  • 3,091