2011-01-11
I added a new encryption key to my gpg p ... 9 years ago
I added a new encryption key to my gpg public key 0xF0D7C263, 4096 bits size. Which means I want the 'lesser' (2048 bit) key to not be used anymore by people encrypting stuff to send to me. So I try to set an expiry for this subkey. But strangely this change does not 'stick' :Command> key 1 pub 1024D/F0D7C263 created: 1998-12-17 expires: never usage: SCA trust: full validity: full sub* 2048g/CD125A2B created: 1998-12-17 expires: never usage: E sub 4096g/1F480E9A created: 2011-01-11 expires: 2016-01-10 usage: E [ full ] (1). Koos van den Hout <koos kzdoos.xs4all.nl> [ full ] (2) Koos van den Hout <koos idefix.net> [ revoked] (3) Koos van den Hout <koos pizza.hvu.nl> [ revoked] (4) Koos van den Hout <koos wu-ftpd.org> Command> expire Changing expiration time for a subkey. Key is valid for? (0) 6m Key expires at Sun 10 Jul 2011 10:30:34 PM CEST Is this correct? (y/N) y You need a passphrase to unlock the secret key for user: "Koos van den Hout <koos kzdoos.xs4all.nl> 1024-bit DSA key, ID F0D7C263, created 1998-12-17 pub 1024D/F0D7C263 created: 1998-12-17 expires: never usage: SCA trust: full validity: full sub* 2048g/CD125A2B created: 1998-12-17 expires: never usage: E sub 4096g/1F480E9A created: 2011-01-11 expires: 2016-01-10 usage: E [ full ] (1). Koos van den Hout <koos kzdoos.xs4all.nl> [ full ] (2) Koos van den Hout <koos idefix.net> [ revoked] (3) Koos van den Hout <koos pizza.hvu.nl> [ revoked] (4) Koos van den Hout <koos wu-ftpd.org>Strange. Seems the working solution will be to revoke the subkey. Which I'd rather not do because I want to be able to keep decoding old mails.