3

I missed expiration date of my gpg key and have to generate a new one afterwards. Now I want to establish trust between my old and new key.

Naive call like

gpg --local-user DE5A457C --sign-key BCBE2B4A

ends in error message

gpg: skipped "DE5A457C": unusable secret key

How do I force gpg to sign a new key with an old, expired one?

Braiam
  • 35,991
p4553d
  • 133

1 Answers1

2

I don't know if you can that, it's kind of violating the point of setting an expiry date. But you can probably trick gpg by running it in some kind of virtual machine that allows you to set the time to shortly before the old key expired. I don't know if gpg will let you sign a key that's not yet valid, but then you'll just have to make a new new key in that virtual machine and use that instead of BCBE2B4A.

Henrik supports the community
  • 5,636
  • It was my first thought too, setting the system time back. But I throw it away as dirties hack ever for such a problem. I understand, that signing with an expired key is violation of concept. But now I clearly have need to do it so. It shouldn't be easy and demand some extra flags like --it-shit-but-do-it-so- – p4553d Jun 26 '16 at 15:24
  • 1
    The expiry of a key can be arbitrarily changed using gpg --edit-key. No need for hacks. – jlh Jan 11 '19 at 14:10