如何使用 gpg 续订过期的加密子密钥

如何使用 gpg 续订过期的加密子密钥

我更新了我的 gpg 密钥对,但我仍然收到来自 gpg 的以下错误。

gpg: WARNING: Your encryption subkey expires soon.
gpg: You may want to change its expiration date too.

如何更新子密钥?

答案1

列出你的钥匙。


$ gpg --list-keys
...
-------------------------------
pub   rsa2048 2019-09-07 [SC] [expires: 2020-11-15]
      AF4RGH94ADC84
uid           [ultimate] Jill Doe (CX) <[email protected]>
sub   rsa2048 2019-09-07 [E] [expired: 2019-09-09]

pub   rsa2048 2019-12-13 [SC] [expires: 2020-11-15]
      7DAA371777412
uid           [ultimate] Jill Doe <[email protected]>
-------------------------------
...

我们要编辑密钥 AF4RGH94ADC84。该子项是列表中名为的第二个子项ssb


$ gpg --edit-key AF4RGH94ADC84

gpg> list

sec  rsa2048/AF4RGH94ADC84
     created: 2019-09-07  expires: 2020-11-15  usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa2048/56ABDJFDKFN
     created: 2019-09-07  expired: 2019-09-09  usage: E
[ultimate] (1). Jill Doe (CX) <[email protected]>

所以我们要编辑第一个子项(ssb)

ssb  rsa2048/56ABDJFDKFN
     created: 2019-09-07  expired: 2019-09-09  usage: E
[ultimate] (1). Jill Doe (CX) <[email protected]>

当您选择键 (1) 时,您应该会看到其旁边的 *,例如ssb*。然后就可以设置过期时间然后保存了。

gpg> key 1

sec  rsa2048/AF4RGH94ADC84
     created: 2019-09-07  expires: 2020-11-15  usage: SC
     trust: ultimate      validity: ultimate
ssb*  rsa2048/56ABDJFDKFN
     created: 2019-09-07  expired: 2019-09-09  usage: E
[ultimate] (1). Jill Doe (CX) <[email protected]>

gpg> expire
...

Changing expiration time for a subkey.
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years

Key is valid for? (0) 2y
Key expires at Wed 9 Sep 16:20:33 2021 GMT
Is this correct? (y/N) y

sec  rsa2048/AF4RGH94ADC84
     created: 2019-09-07  expires: 2020-11-15  usage: SC
     trust: ultimate      validity: ultimate
ssb*  rsa2048/56ABDJFDKFN
     created: 2019-09-07  expires: 2021-09-09  usage: E
[ultimate] (1). Jill Doe (CX) <[email protected]>
...

gpg> save

退出前不要忘记保存更改!

答案2

gpg (2.2.41) 中有一个(较新的?)选项,您可以仅使用以下命令一次性扩展所有子项:
gpg --quick-set-expire <1> <2> <3>

意义:

<1> 您的密钥指纹(来自gpg --list-secret-keys
<2> 您希望将过期期限延长多长时间
<3> 可选地,要延长的子密钥指纹('*'以延长所有未过期的子密钥)

例如:
gpg --quick-set-expire 7BCDED693SECRETKEY1552ACB71237 7w '*'

答案3

我通过安装和使用 openPGP 解决了这个问题。点击“过期”按钮;它不接受“永不过期”,但您可以设置未来的日期。

相关内容