
TOTP signed with expired key

Open brainwo opened this issue 2 years ago • 7 comments

I just found out that I signed my TOTP with a GPG key and now it's expired. What can I do with it?

~ ❯ totp show github      
pass returned an error:
gpg: Note: secret key 013129B57E7F4913 expired at Thu 05 Oct 2023 03:37:09 AM

brainwo avatar Oct 18 '23 02:10 brainwo

Upon deeper inspection I found out that totp-cli automatically uses the newest GPG key. I just created a new GPG key and now new TOTPs are signed with that GPG key.

brainwo avatar Oct 18 '23 03:10 brainwo

You can extend the duration of an expired key: https://whynothugo.nl/journal/2023/07/13/extending-an-expired-gpg-key/

Note that the error is returned by pass, not totp-cli, so any advice applicable to pass is applicable here.

WhyNotHugo avatar Oct 18 '23 08:10 WhyNotHugo

Oh thank you, this is actually helpful coming from you directly

Though, can we have this feature in totp-cli? It would be much more helpful

brainwo avatar Oct 18 '23 08:10 brainwo

> Though, can we have this feature in totp-cli? It would be much more helpful

No, management of GPG keys is out of scope for this tool.

WhyNotHugo avatar Oct 18 '23 09:10 WhyNotHugo

Note that totp-cli uses pass which itself uses gpg. You can potentially replace pass with something that presents the same interface but doesn't use gpg under the hood.

WhyNotHugo avatar Oct 18 '23 09:10 WhyNotHugo

> No, management of GPG keys is out of scope for this tool.

How about selecting which GPG key to use? I could set up one GPG key without an expiration date only for this tool.

brainwo avatar Oct 18 '23 09:10 brainwo

totp-cli simply invokes pass, which in turn invokes gpg.

You can select which key is used for pass's store. See pass's manual page: https://linux.die.net/man/1/pass. Specifically, the init command.

WhyNotHugo avatar Oct 18 '23 12:10 WhyNotHugo
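
Since the failure in this thread comes from gpg by way of pass, the expiry of the store's key can be checked before `totp show` starts failing. The script below is an added example, not part of the thread, totp-cli or pass. It assumes the store's `.gpg-id` file holds long key IDs or fingerprints and that gpg prints expiry as epoch seconds; the key IDs and dates in it are constructed.

```shell
#!/bin/sh
# Added example. Reads `gpg --list-keys --with-colons` output on stdin and
# reports expiry for the key(s) named in a pass store's .gpg-id file.
#   $1 = .gpg-id path   $2 = "now" in epoch seconds   $3 = warning window, days
# Assumes .gpg-id entries are long key IDs or fingerprints, not e-mail addresses.
store_key_status() {
    awk -F: -v now="$2" -v warn="$3" '
        FILENAME == ARGV[1] { if ($1 != "") want[toupper($1)] = 1; next }
        $1 == "pub" {                      # new primary key: is it a store key?
            cur = 0
            for (id in want)               # field 5 = long key ID (fingerprint tail)
                if (length(id) >= 16 && substr(id, length(id) - 15) == $5) cur = 1
        }
        # Check the primary key and its encryption-capable subkeys (field 12).
        cur && ($1 == "pub" || ($1 == "sub" && $12 ~ /e/)) {
            state = "OK"                   # field 2 = validity, field 7 = expiry
            if ($2 == "e" || ($7 != "" && $7 + 0 <= now + 0)) { state = "EXPIRED"; bad = 1 }
            else if ($7 != "" && $7 - now <= warn * 86400) state = "EXPIRING"
            print state, $1, $5
        }
        END { exit bad + 0 }               # non-zero when a store key has expired
    ' "$1" -
}

# Constructed colon listing: key AAAA... expired, key CCCC... still valid.
sample_listing() {
    cat <<'EOF'
pub:e:4096:1:AAAAAAAAAAAAAAAA:1664900000:1696400000::-:::sc:
sub:e:4096:1:BBBBBBBBBBBBBBBB:1664900000:1696400000:::::e:
pub:u:255:22:CCCCCCCCCCCCCCCC:1690000000:::u:::scESC:
sub:u:255:18:DDDDDDDDDDDDDDDD:1690000000:1701000000:::::e:
EOF
}

# Demo on the constructed data, with "now" fixed at 1700000000 (2023-11-14 UTC).
demo_id=$(mktemp) && echo AAAAAAAAAAAAAAAA > "$demo_id"
sample_listing | store_key_status "$demo_id" 1700000000 30 ||
    echo "store key expired: extend it, or re-encrypt with pass init <new-key-id>"
rm -f "$demo_id"

# Real use (PASSWORD_STORE_DIR is pass's own override for the store location):
# gpg --list-keys --with-colons | store_key_status \
#     "${PASSWORD_STORE_DIR:-$HOME/.password-store}/.gpg-id" "$(date +%s)" 30
```
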