EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Change expiration date to a PGP key.

Posted: 04/26/2012 18:14:49
by toledogu (Basic support level)
Joined: 09/27/2011
Posts: 15

I want to know how I can change the expiration date on a PGP key that has already been created.

Right now if I try to do this using TElPGPSecretKey class, it throws the error "Can not modify Key".
Posted: 04/26/2012 23:46:32
by Eugene Mayevski (Team)

Indeed you can not modify the existing key.

Sincerely yours
Eugene Mayevski
Posted: 04/27/2012 05:39:40
by Ken Ivanov (Team)

Expiration time of version 4 OpenPGP keys is specified in the "key expiration time" extension of a self-signature made over that key. SecureBlackbox adds this extension automatically should you pass a non-zero Expires value to the Generate() method.

You can prolong the lifetime of the key by removing the existing self-signature (containing the "old" expiration time) and creating a new one (with "new" expiration time). Please note that you need a secret key to create a new self-signature.

Still, in this case you need to ensure that the updated copy of the public key is provided to all the environments where your original key resides (i.e. partners, key servers etc.).
Posted: 05/02/2012 09:17:14
by toledogu (Basic support level)
Joined: 09/27/2011
Posts: 15

Hi Innokentiy Ivanov

How can I do this?
Posted: 05/02/2012 11:51:51
by Ken Ivanov (Team)

The existing signature carrying the expiration date can be removed with the TElPGPPublicKey.RemoveSignature() method. A new signature with an updated expiration date can be generated and added in the following way:

        // creating a signature object        
        TElPGPSignature selfSig = new TElPGPSignature();            
        // setting key expiration time (in days from key generation moment)
        selfSig.KeyExpirationTime = 200;
        // creating a direct signature over the public key
        pgpSecKey.DirectSign(pgpPubKey, selfSig);
        // adding the created signature to the public key
Posted: 05/08/2012 11:08:58
by toledogu (Basic support level)
Joined: 09/27/2011
Posts: 15

I'm testing this code and it just changes the expiration time in the signature, not in the Public Key.
Posted: 05/09/2012 07:08:49
by Ken Ivanov (Team)

Version 4 OpenPGP keys do not store expiration date directly in the key. Instead, the number of days to expire is stored in a self-signature attached to this key. This way, what you see is correct: it's the signature where the expiration date should be changed.
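
The mechanism described in this thread, as an added example that is not part of the original posts and is not SecureBlackbox code: a Python parser that reads the "key expiration time" subpacket (RFC 4880 type 9) from the hashed area of version 4 self-signatures and derives the key's expiry from the most recent one. In the RFC 4880 wire format the subpacket holds seconds after key creation; the sample signatures are constructed, carry only the header and hashed area, and all function names are hypothetical.

```python
import struct
from datetime import datetime, timedelta, timezone

SIG_CREATION_TIME, KEY_EXPIRATION_TIME = 2, 9  # RFC 4880 subpacket types

def parse_subpackets(area):
    """Split a signature subpacket area into {type: data}."""
    out, i = {}, 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # 0xFF, then four-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket area")
        out[area[i] & 0x7F] = area[i + 1:i + length]  # mask the critical bit
        i += length
    return out

def hashed_subpackets(sig_body):
    """Hashed subpackets of a version 4 signature packet body."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("not a version 4 signature")
    (n,) = struct.unpack(">H", sig_body[4:6])
    return parse_subpackets(sig_body[6:6 + n])

def key_expiry(key_created, self_sigs):
    """Expiry set by the most recent self-signature; None means no expiry.
    Assumes the signatures were already cryptographically verified."""
    created = lambda sp: struct.unpack(">I", sp[SIG_CREATION_TIME])[0]
    newest = max((hashed_subpackets(s) for s in self_sigs), key=created)
    raw = newest.get(KEY_EXPIRATION_TIME)
    seconds = struct.unpack(">I", raw)[0] if raw else 0
    return key_created + timedelta(seconds=seconds) if seconds else None

def make_sig(created, expire_days):
    """Constructed sample: signature header and hashed area only."""
    sub = lambda t, v: bytes([5, t]) + struct.pack(">I", v)
    hashed = (sub(SIG_CREATION_TIME, int(created.timestamp()))
              + sub(KEY_EXPIRATION_TIME, expire_days * 86400))
    # version 4, type 0x1F (direct key signature), RSA, SHA-256
    return bytes([4, 0x1F, 1, 8]) + struct.pack(">H", len(hashed)) + hashed

KEY_CREATED = datetime(2012, 1, 1, tzinfo=timezone.utc)
OLD_SIG = make_sig(KEY_CREATED, 100)                                # constructed
NEW_SIG = make_sig(datetime(2012, 5, 2, tzinfo=timezone.utc), 200)  # constructed
print(key_expiry(KEY_CREATED, [OLD_SIG]), key_expiry(KEY_CREATED, [OLD_SIG, NEW_SIG]))
```

A copy of the public key that still carries only the old self-signature yields the old expiry, which is why the updated key has to be redistributed.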



