Can you extend the expiration date of an already expired GPG key?

Let's say I add an expiration date to a GPG/PGP key, then for some reason am unable to extend the expiration date of the key before its time is up.

Assuming I still have access to the private key (and the public key has only expired, not been revoked) can I still renew it?


Yes, you can renew it at any time. Here's how to do it:

gpg --list-keys
gpg --edit-key (key id)

Now you're in the gpg console. (By default, you're working on the primary key.) If you need to update a sub-key:

gpg> key 1

Now you can set the expiration for the selected key:

gpg> expire
(follow prompts)
gpg> save

Now that you've updated your key, you can send it out:

gpg --keyserver pgp.mit.edu --send-keys (key id)

And, yes, having an expiration date for your keys is a very good idea. You should never really have a key with no expiration date. If it's compromised, it could be used forever.
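
A non-interactive run of the procedure in the answer above, as an added example that is not part of the original answer: it creates a throwaway primary-only key in a temporary keyring, waits for it to expire, then extends it with `gpg --quick-set-expire`, the batch counterpart of the `expire` prompt in GnuPG 2.x. The user ID, the `ed25519` algorithm, the `seconds=1` lifetime and the `1y` extension are constructed values chosen for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: renew an already-expired key without the interactive prompt.
# Everything happens in a temporary keyring; the real keyring is not touched.
set -eu

# Field 2 of the "pub" record in --with-colons output is the key validity
# ("e" means expired).
key_validity() {
  gpg --batch --list-keys --with-colons "$1" |
    awk -F: '$1 == "pub" { print $2; exit }'
}

# Batch-mode gpg with an empty passphrase (acceptable only for a test key).
gpg_batch() {
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"
}

# Runs in a subshell so GNUPGHOME and the EXIT trap do not leak to the caller.
# Prints "<validity before renewal> <validity after renewal>".
renew_expired_demo() (
  GNUPGHOME=$(mktemp -d)
  export GNUPGHOME
  chmod 700 "$GNUPGHOME"
  trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT

  uid='Expiry Test <expiry-test@example.invalid>'   # constructed user ID

  # Primary key only, expiring one second after creation.
  gpg_batch --quick-generate-key "$uid" ed25519 sign seconds=1 >/dev/null
  fpr=$(gpg --batch --list-keys --with-colons "$uid" |
          awk -F: '$1 == "fpr" { print $10; exit }')

  sleep 2                                  # let the key expire
  before=$(key_validity "$fpr")

  # The secret key is still present, so a new self-signature with a later
  # expiration can be issued even though the key has already expired.
  gpg_batch --quick-set-expire "$fpr" 1y >/dev/null
  after=$(key_validity "$fpr")

  echo "$before $after"
)

renew_expired_demo
```

As in the interactive procedure, the renewed public key still has to be re-sent to keyservers or correspondents before anyone else sees the new expiration date.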


According to OpenPGP Best Practices on Riseup.net (archived)[1], yes, it is possible, and there don't seem to be any recommendations against it:

People think that they don’t want their keys to expire, but you actually do. Why? Because you can always extend your expiration date, even after it has expired! This “expiration” is actually more of a safety valve or “dead-man switch” that will automatically trigger at some point. If you have access to the secret key material, you can untrigger it. The point is to setup something to disable your key in case you lose access to it (and have no revocation certificate).


[1]: The link now points to an Internet Archive entry as the original one is dead.