Renewing expired GPG subkeys

Posted on June 6, 2018 - 11:08:00 AM

After starting the Plasma desktop, I noticed that KDE Wallet software was not decrypting my secrets anymore even after putting in my passphrase correctly. The reason is because my GPG subkeys had expired! I choose to extend the expiration date of my keys but I could have also rotated the expired keys.

The reason my keys expired in the first place is because I followed the advice from another blog on how to securely manage GPG keys. I had decided to let my main public key expire after a few years and the subkeys to expire after six months. When they expired I needed to first extend the expiration using help from StackExchange. While fairly straight forward now that I have done it, I related to this quote going through the process. “Is it any wonder GnuPG has never taken off for the masses…”

After extending the expiration date, the next task is to distribute the newly signed public keys so that others can still decrypt and verify your messanges created with GPG. In my case, I have have my keys posted on my website, on Keybase and also used by a variety of other services such as Github and Facebook. Currently I have only updated my keys on Keybase, but I will be updating the other locations next. For Github, my future commits should not be marked as “Verified” because my public key is expired, but I wasn’t able to verify this behavior myself. I’m not sure what Facebook will do with an expired key.