I have 3 subkeys in my keyring that have just expired (created a year ago). My private key has no expiration date and is maintained offline most of the time. My plan was to rotate subkeys every year (not sure if it makes sense). I created 3 new subkeys to replace them (due to expire in a year), each with one capability out of (S, E, A).

Now, what should I do with the expired subkeys? Should I simply delete them from the keyring (delkey?) or revoke them? What is the best way to go about this?

nect

1 Answer

I guess revoking makes sense only if you use those keys "publicly", i.e. there are some people who should know that your key is outdated. You definitely should revoke a key which was published on a key server. Otherwise, I see no difference between revoking and deleting.

Emil Viesná
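
For the rotation described in the question, it helps to check which expired subkeys already have a live replacement with the same capability before revoking or deleting anything. The script below is an added example, not part of the original question or answer; it parses the machine-readable listing from `gpg --list-keys --with-colons` (field 2 validity, field 5 key ID, field 12 capabilities), and the sample listing, key IDs and function names are constructed.

```shell
#!/bin/sh
# Added example: key IDs, dates and function names are constructed.
# Real input would come from:  gpg --list-keys --with-colons <your-key-id>

# Constructed listing: three expired subkeys (S, E, A) plus new S and E
# subkeys; the new A subkey is deliberately left out to show the gap.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:::u:::cESCA:
uid:u::::1600000000::::Example User <user@example.org>:
sub:e:4096:1:1111111111111111:1600000000:1631536000:::::s:
sub:e:4096:1:2222222222222222:1600000000:1631536000:::::e:
sub:e:4096:1:3333333333333333:1600000000:1631536000:::::a:
sub:u:4096:1:4444444444444444:1631600000:1663136000:::::s:
sub:u:4096:1:5555555555555555:1631600000:1663136000:::::e:
EOF
}

# Reads a colon listing on stdin. For every expired subkey prints
#   <keyid> <capabilities> <replaced | missing:<caps>>
# A capability counts as covered only by a subkey that is not expired (e),
# revoked (r), invalid (i) or disabled (d).
expired_subkeys() {
    awk -F: '
        $1 != "sub"      { next }
        $2 == "e"        { id[++n] = $5; cap[n] = $12; next }
        $2 !~ /^[rid]$/  { live = live $12 }
        END {
            for (i = 1; i <= n; i++) {
                missing = ""
                for (j = 1; j <= length(cap[i]); j++) {
                    c = substr(cap[i], j, 1)
                    if (index(live, c) == 0) missing = missing c
                }
                status = (missing == "") ? "replaced" : "missing:" missing
                print id[i], cap[i], status
            }
        }'
}

sample_listing | expired_subkeys
```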