I renewed my gpg key pair, but I am still receiving the following error from gpg.
gpg: WARNING: Your encryption subkey expires soon.
gpg: You may want to change its expiration date too.
How can I renew the subkey?
I renewed my gpg key pair, but I am still receiving the following error from gpg.
gpg: WARNING: Your encryption subkey expires soon.
gpg: You may want to change its expiration date too.
How can I renew the subkey?
List your keys.
$ gpg --list-keys
...
-------------------------------
pub rsa2048 2019-09-07 [SC] [expires: 2020-11-15]
AF4RGH94ADC84
uid [ultimate] Jill Doe (CX) <jilldoe@mail.com>
sub rsa2048 2019-09-07 [E] [expired: 2019-09-09]
pub rsa2048 2019-12-13 [SC] [expires: 2020-11-15]
7DAA371777412
uid [ultimate] Jill Doe <jilldoe@mail.com>
...
We want to edit key AF4RGH94ADC84.
The subkey is the second one in the list that is named ssb
$ gpg --edit-key AF4RGH94ADC84
gpg> list
sec rsa2048/AF4RGH94ADC84
created: 2019-09-07 expires: 2020-11-15 usage: SC
trust: ultimate validity: ultimate
ssb rsa2048/56ABDJFDKFN
created: 2019-09-07 expired: 2019-09-09 usage: E
[ultimate] (1). Jill Doe (CX) <jilldoe@mail.com>
So we want to edit the first subkey (ssb)
ssb rsa2048/56ABDJFDKFN
created: 2019-09-07 expired: 2019-09-09 usage: E
[ultimate] (1). Jill Doe (CX) <jilldoe@mail.com>
When you select key (1), you should see the * next to it such as ssb*
. Then you can set the expiration and then save.
gpg> key 1
sec rsa2048/AF4RGH94ADC84
created: 2019-09-07 expires: 2020-11-15 usage: SC
trust: ultimate validity: ultimate
ssb* rsa2048/56ABDJFDKFN
created: 2019-09-07 expired: 2019-09-09 usage: E
[ultimate] (1). Jill Doe (CX) <jilldoe@mail.com>
gpg> expire
...
Changing expiration time for a subkey.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 2y
Key expires at Wed 9 Sep 16:20:33 2021 GMT
Is this correct? (y/N) y
sec rsa2048/AF4RGH94ADC84
created: 2019-09-07 expires: 2020-11-15 usage: SC
trust: ultimate validity: ultimate
ssb* rsa2048/56ABDJFDKFN
created: 2019-09-07 expires: 2021-09-09 usage: E
[ultimate] (1). Jill Doe (CX) <jilldoe@mail.com>
...
gpg> save
Don't forget to save the changes before quitting!
gpg
is designed in such a confusing fashion which forces you to look for the answer everywhere.
– Jianwu Chen
Jul 29 '21 at 08:48
expire
to renew a key.
– Yan Foto
May 10 '22 at 16:12
There is (a newer?) option in gpg (2.2.41) where you can extend all your subkeys at once with only the command:
gpg --quick-set-expire <1> <2> <3>
meaning:
<1> fingerprint of your key (from gpg --list-secret-keys
)
<2> how long you would like to extend the expiration period
<3> optionally, the subkey fingerprints to extend ('*'
to extend all non-expired subkeys)
e.g.:
gpg --quick-set-expire 7BCDED693SECRETKEY1552ACB71237 7w '*'
– arved
Apr 28 '23 at 10:56
fpr *
includes subkeys, but I'm not sure about expired and don't currently have one to test. At commandline (where you would do --quick-set-expire
) gpg -K --with-subkey-fingerprint [--list-options=show-unusable-subkeys]
– dave_thompson_085
Aug 12 '23 at 01:36
I solved this by installing and using openPGP. Click on the "expire" button; it won't accept "never expires", but you can set a date in the future.