Solved

PGP Key Expiration

Posted on 2012-04-12
4
1,073 Views
Last Modified: 2012-04-20
I have a question about managing PGP keys.

One of my trading partners, who will remain nameless to protect them, has been using the same key for a number of years and every year, they EDIT the key to change the expiration date instead of generating a new key.

I personally would prefer a new key instead of just editing the key expiration date.

I know they are just editing the expiration date because the PGP Key ID never changes.

I'm posting this to see if there is actually in fact a risk to using the same key.  I believe that there is.  I just need some confirmation or correction, if I am incorrect.

I've done some research, but I have not found anything that explicitly states that the date shouldn't be changed, but should instead be generated as a new key which will result in a new key ID.

I'm looking for any documentation or facts to support the theory that keys should be generated new instead of reused over a long period of time.
0
Comment
Question by:Jeff Darling
  • 2
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
wshark83 earned 500 total points
ID: 37837874
i don't think it makes a difference ... who holds the master key....? if they hold the master key and the expiration date is only changed on the public key then its fine...

I know in the past i've used the pgp key where the both set of key's are set to never expiry
0
 
LVL 12

Author Comment

by:Jeff Darling
ID: 37837913
0
 
LVL 12

Author Comment

by:Jeff Darling
ID: 37838070
@wshark83

Thanks for your comment.  I agree, not having a key expire makes it easier to deal with, but I'm going to expect that keys will be replaced after a period of time.  the problem I have seen is that if the expiration is going to be used, I would prefer that they generate a new one when it expires.  

Its like, eh, I changed my mind, I don't want this key to expire, I know I will just extend the expiration date!

Meanwhile, all the partners that hold the public key think the key is expired and when they get a new one, it can be confusing when they see that the key ID is the same, just that the expiration has changed.
0
 
LVL 6

Expert Comment

by:wshark83
ID: 37841971
@jeffld totally agree its not very professional...

I would say that if they change the date then they should change the id and passphrase as well...I think the person who is manging the keys is being just point blank lazy....
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
One drive and bitlocker policy help 1 146
Access ACCDE without Encryption 1 31
Hard Disk Encryption - Recommendation 8 42
RMS / DRM - differences? 3 51
By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question