我更新了我的 gpg 密钥对,但我仍然收到来自 gpg 的以下错误。
gpg: WARNING: Your encryption subkey expires soon.
gpg: You may want to change its expiration date too.
如何更新子密钥?
答案1
列出你的钥匙。
$ gpg --list-keys
...
-------------------------------
pub rsa2048 2019-09-07 [SC] [expires: 2020-11-15]
AF4RGH94ADC84
uid [ultimate] Jill Doe (CX) <[email protected]>
sub rsa2048 2019-09-07 [E] [expired: 2019-09-09]
pub rsa2048 2019-12-13 [SC] [expires: 2020-11-15]
7DAA371777412
uid [ultimate] Jill Doe <[email protected]>
-------------------------------
...
我们要编辑密钥 AF4RGH94ADC84。该子项是列表中名为的第二个子项ssb
$ gpg --edit-key AF4RGH94ADC84
gpg> list
sec rsa2048/AF4RGH94ADC84
created: 2019-09-07 expires: 2020-11-15 usage: SC
trust: ultimate validity: ultimate
ssb rsa2048/56ABDJFDKFN
created: 2019-09-07 expired: 2019-09-09 usage: E
[ultimate] (1). Jill Doe (CX) <[email protected]>
所以我们要编辑第一个子项(ssb)
ssb rsa2048/56ABDJFDKFN
created: 2019-09-07 expired: 2019-09-09 usage: E
[ultimate] (1). Jill Doe (CX) <[email protected]>
当您选择键 (1) 时,您应该会看到其旁边的 *,例如ssb*
。然后就可以设置过期时间然后保存了。
gpg> key 1
sec rsa2048/AF4RGH94ADC84
created: 2019-09-07 expires: 2020-11-15 usage: SC
trust: ultimate validity: ultimate
ssb* rsa2048/56ABDJFDKFN
created: 2019-09-07 expired: 2019-09-09 usage: E
[ultimate] (1). Jill Doe (CX) <[email protected]>
gpg> expire
...
Changing expiration time for a subkey.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 2y
Key expires at Wed 9 Sep 16:20:33 2021 GMT
Is this correct? (y/N) y
sec rsa2048/AF4RGH94ADC84
created: 2019-09-07 expires: 2020-11-15 usage: SC
trust: ultimate validity: ultimate
ssb* rsa2048/56ABDJFDKFN
created: 2019-09-07 expires: 2021-09-09 usage: E
[ultimate] (1). Jill Doe (CX) <[email protected]>
...
gpg> save
退出前不要忘记保存更改!
答案2
gpg (2.2.41) 中有一个(较新的?)选项,您可以仅使用以下命令一次性扩展所有子项:
gpg --quick-set-expire <1> <2> <3>
意义:
<1> 您的密钥指纹(来自gpg --list-secret-keys
)
<2> 您希望将过期期限延长多长时间
<3> 可选地,要延长的子密钥指纹('*'
以延长所有未过期的子密钥)
例如:
gpg --quick-set-expire 7BCDED693SECRETKEY1552ACB71237 7w '*'
答案3
我通过安装和使用 openPGP 解决了这个问题。点击“过期”按钮;它不接受“永不过期”,但您可以设置未来的日期。