I renewed my gpg key pair, but I am still receiving the following error from gpg.
gpg: WARNING: Your encryption subkey expires soon. gpg: You may want to change its expiration date too. How can I renew the subkey?
- Does this answer your question? How to renew an expired keypair with gpgJonas Stein– Jonas Stein2020-01-06 15:57:48 +00:00Commented Jan 6, 2020 at 15:57
Add a comment |
3 Answers
List your keys.
$ gpg --list-keys ... ------------------------------- pub rsa2048 2019-09-07 [SC] [expires: 2020-11-15] AF4RGH94ADC84 uid [ultimate] Jill Doe (CX) <[email protected]> sub rsa2048 2019-09-07 [E] [expired: 2019-09-09] pub rsa2048 2019-12-13 [SC] [expires: 2020-11-15] 7DAA371777412 uid [ultimate] Jill Doe <[email protected]> ------------------------------- ... We want to edit key AF4RGH94ADC84. The subkey is the second one in the list that is named ssb
$ gpg --edit-key AF4RGH94ADC84 gpg> list sec rsa2048/AF4RGH94ADC84 created: 2019-09-07 expires: 2020-11-15 usage: SC trust: ultimate validity: ultimate ssb rsa2048/56ABDJFDKFN created: 2019-09-07 expired: 2019-09-09 usage: E [ultimate] (1). Jill Doe (CX) <[email protected]> So we want to edit the first subkey (ssb)
ssb rsa2048/56ABDJFDKFN created: 2019-09-07 expired: 2019-09-09 usage: E [ultimate] (1). Jill Doe (CX) <[email protected]> When you select key (1), you should see the * next to it such as ssb*. Then you can set the expiration and then save.
gpg> key 1 sec rsa2048/AF4RGH94ADC84 created: 2019-09-07 expires: 2020-11-15 usage: SC trust: ultimate validity: ultimate ssb* rsa2048/56ABDJFDKFN created: 2019-09-07 expired: 2019-09-09 usage: E [ultimate] (1). Jill Doe (CX) <[email protected]> gpg> expire ... Changing expiration time for a subkey. Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 2y Key expires at Wed 9 Sep 16:20:33 2021 GMT Is this correct? (y/N) y sec rsa2048/AF4RGH94ADC84 created: 2019-09-07 expires: 2020-11-15 usage: SC trust: ultimate validity: ultimate ssb* rsa2048/56ABDJFDKFN created: 2019-09-07 expires: 2021-09-09 usage: E [ultimate] (1). Jill Doe (CX) <[email protected]> ... gpg> save Don't forget to save the changes before quitting!
- 6Thanks for the detailed instruction, it saved my day. Not sure why
gpgis designed in such a confusing fashion which forces you to look for the answer everywhere.Jianwu Chen– Jianwu Chen2021-07-29 08:48:18 +00:00Commented Jul 29, 2021 at 8:48 - 4The most confusing part (that brings me back to this answer once a year) is that you have to use
expireto renew a key.Yan Foto– Yan Foto2022-05-10 16:12:39 +00:00Commented May 10, 2022 at 16:12
There is (a newer?) option in gpg (2.2.41) where you can extend all your subkeys at once with only the command:
gpg --quick-set-expire <1> <2> <3>
meaning:
<1> fingerprint of your key (from gpg --list-secret-keys)
<2> how long you would like to extend the expiration period
<3> optionally, the subkey fingerprints to extend ('*' to extend all non-expired subkeys)
e.g.:
gpg --quick-set-expire 7BCDED693SECRETKEY1552ACB71237 7w '*'
- 1Usage is wrong:
usage: gpg [options] --quick-set-exipre FINGERPRINT EXPIRE [SUBKEY-FPRS]arved– arved2023-04-28 10:56:52 +00:00Commented Apr 28, 2023 at 10:56 - yes thanks, I will correct thatMacMartin– MacMartin2023-04-28 11:13:40 +00:00Commented Apr 28, 2023 at 11:13
- 3
*works only for not yet expired sub-keys.Rudolf Adamkovic– Rudolf Adamkovic2023-05-04 13:01:54 +00:00Commented May 4, 2023 at 13:01 - And where am I supposed to retrieve SUBKEY-FPRS? I've tried the subkeys keygrips, and they are rejected; there's also a 'fpr' command to show the fingerprint of a key, but that only shows the fingerprint of the main key.user30747– user307472023-07-26 18:26:29 +00:00Commented Jul 26, 2023 at 18:26
- @user30747: in the edit-key dialog
fpr *includes subkeys, but I'm not sure about expired and don't currently have one to test. At commandline (where you would do--quick-set-expire)gpg -K --with-subkey-fingerprint [--list-options=show-unusable-subkeys]dave_thompson_085– dave_thompson_0852023-08-12 01:36:43 +00:00Commented Aug 12, 2023 at 1:36
I solved this by installing and using openPGP. Click on the "expire" button; it won't accept "never expires", but you can set a date in the future.
