Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

PGP Key Expiration

Posted on 2012-04-12
4
Medium Priority
?
1,221 Views
Last Modified: 2012-04-20
I have a question about managing PGP keys.

One of my trading partners, who will remain nameless to protect them, has been using the same key for a number of years and every year, they EDIT the key to change the expiration date instead of generating a new key.

I personally would prefer a new key instead of just editing the key expiration date.

I know they are just editing the expiration date because the PGP Key ID never changes.

I'm posting this to see if there is actually in fact a risk to using the same key.  I believe that there is.  I just need some confirmation or correction, if I am incorrect.

I've done some research, but I have not found anything that explicitly states that the date shouldn't be changed, but should instead be generated as a new key which will result in a new key ID.

I'm looking for any documentation or facts to support the theory that keys should be generated new instead of reused over a long period of time.
0
Comment
Question by:Jeff Darling
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
wshark83 earned 2000 total points
ID: 37837874
i don't think it makes a difference ... who holds the master key....? if they hold the master key and the expiration date is only changed on the public key then its fine...

I know in the past i've used the pgp key where the both set of key's are set to never expiry
0
 
LVL 13

Author Comment

by:Jeff Darling
ID: 37838070
@wshark83

Thanks for your comment.  I agree, not having a key expire makes it easier to deal with, but I'm going to expect that keys will be replaced after a period of time.  the problem I have seen is that if the expiration is going to be used, I would prefer that they generate a new one when it expires.  

Its like, eh, I changed my mind, I don't want this key to expire, I know I will just extend the expiration date!

Meanwhile, all the partners that hold the public key think the key is expired and when they get a new one, it can be confusing when they see that the key ID is the same, just that the expiration has changed.
0
 
LVL 6

Expert Comment

by:wshark83
ID: 37841971
@jeffld totally agree its not very professional...

I would say that if they change the date then they should change the id and passphrase as well...I think the person who is manging the keys is being just point blank lazy....
0

Featured Post

Tech or Treat! - Giveaway

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question