rpgp icon indicating copy to clipboard operation
rpgp copied to clipboard
verified publisher icon rpgp

Is it possible to extend the openPGP key pair's expire time?

Open TommyLike opened this issue 2 years ago • 3 comments

Can we extend the key pair's expire time by using this library?

TommyLike avatar May 10 '23 03:05 TommyLike

I don't actually know how this works in general, do you have a link to some documentation how this would work?

dignifiedquire avatar Jun 01 '23 08:06 dignifiedquire

@dignifiedquire I guess it's supported by pgp command, theres is another script which utilize on the command:

https://github.com/fedora-copr/copr/blob/700a02ae7f8aed6f827a1b593ba1872c55e6b919/keygen/run/gpg-copr-prolong#L3

TommyLike avatar Jun 01 '23 10:06 TommyLike

Expiration time (and other metadata) in OpenPGP is updated when the key holder issues new self-signatures. The new self-signatures replace the previous metadata.

See https://openpgp.dev/book/signing_components.html#adding-global-metadata-to-a-certificate for rough pointers.

Note that primary key and subkeys have subtly different mechanisms for how metadata is linked to them (and that the primary and each subkey can have independent expiration times).

hko-s avatar Jan 23 '24 23:01 hko-s