Renewal

There are several ways to “renew” the lifetime of existing keys. This chapter informs about several common ones and their pros/cons (to do).

Keep Key, Extend Deadline

  • pro: easy update & publication
  • pro: no new signatures needed
  • con: adds no forward secrecy

Keep Primary Key, Update Subkeys

  • pro: no new signatures needed
  • neutral: update process a bit more complex
  • unclear: adds (no) forward secrecy?

Generate New Primary Key, Sign with old Primary

  • pro: forward secrecy from this point onward
  • neutral: update process a bit more complex
  • con: only transitive trust from old key