Linux pass - expiroval GPG klíč - jak nastavit neomezenou platnost

Autor Rusty
Publikováno 04.10.2020 (update: 04.10.2020)
Kategorie Článek
Při používání správce hesel Pass můžete po čase používání dospět k tomu, že použitý GPG klíč expiruje a není možné přidávat nová hesla do klíčenky. V následujícím sledu příkazů si předvedeme, jak nastavit GPG klíči neomezenou platnost. Je nutno podotknout, že z bezpečnostního hlediska by se toto dělat nemělo....



user@server:~/xyz$ gpg --list-keys
/home/user/.gnupg/pubring.kbx
-----------------------------
pub rsa3072 2018-09-07 [SC] [expired: 2020-09-06]
xxxxxxxxxxxxxxxxxxxx
uid [ expired] CC ZT

pub rsa3072 2018-09-07 [SC] [expired: 2020-09-06]
yyyyyyyyyyyyyyyyyyyyyy
uid [ expired] user

pub rsa4096 2019-11-19 [SC]
zzzzzzzzzzzz
uid [ultimate] pass-crash
sub rsa4096 2019-11-19 [E]

user@server:~/xyz$ gpg --edit-key yyyyyyyyyyyyyyyyyyyyyy
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec rsa3072/ccccccccc
created: 2018-09-07 expired: 2020-09-06 usage: SC
trust: ultimate validity: expired
ssb rsa3072/qqqqqqqqqqqqq
created: 2018-09-07 expired: 2020-09-06 usage: E
[ expired] (1). user

gpg> expire
Changing expiration time for the primary key.
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

sec rsa3072/ccccccccc
created: 2018-09-07 expires: never usage: SC
trust: ultimate validity: ultimate
ssb rsa3072/qqqqqqqqqqqqq
created: 2018-09-07 expired: 2020-09-06 usage: E
[ultimate] (1). user

gpg: WARNING: Your encryption subkey expires soon.
gpg: You may want to change its expiration date too.
gpg> key 1

sec rsa3072/ccccccccc
created: 2018-09-07 expires: never usage: SC
trust: ultimate validity: ultimate
ssb* rsa3072/qqqqqqqqqqqqq
created: 2018-09-07 expired: 2020-09-06 usage: E
[ultimate] (1). user

gpg> expire
Changing expiration time for a subkey.
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

sec rsa3072/ccccccccc
created: 2018-09-07 expires: never usage: SC
trust: ultimate validity: ultimate
ssb* rsa3072/qqqqqqqqqqqqq
created: 2018-09-07 expires: never usage: E
[ultimate] (1). user

gpg> save
user@server:~/xyz$ gpg --list-keys
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 3 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 3u
/home/user/.gnupg/pubring.kbx
-----------------------------
pub rsa3072 2018-09-07 [SC] [expired: 2020-09-06]
xxxxxxxxxxxxxxxxxxxx
uid [ expired] CC ZT

pub rsa3072 2018-09-07 [SC]
yyyyyyyyyyyyyyyyyyyyyy
uid [ultimate] user
sub rsa3072 2018-09-07 [E]

pub rsa4096 2019-11-19 [SC]
zzzzzzzzzzzz
uid [ultimate] pass-crash
sub rsa4096 2019-11-19 [E]


0

The English language is translated by machine - the translator can modify eg cited codes = it is better to use codes from the Czech original.

Linux pass - expired GPG key - how to set unlimited validity

When using the Pass password manager, you may find that the GPG key you use expires after you use it, and you can't add new passwords to your keychain. In the following sequence of commands we will demonstrate how to set the GPG key to unlimited validity. It should be noted that from a security point of view, this should not be done ....



user@server:~/xyz$ gpg --list-keys
/home/user/.gnupg/pubring.kbx
-----------------------------
pub rsa3072 2018-09-07 [SC] [expired: 2020-09-06]
xxxxxxxxxxxxxxxxxxxx
uid [ expired] CC ZT

pub rsa3072 2018-09-07 [SC] [expired: 2020-09-06]
yyyyyyyyyyyyyyyyyyyyyy
uid [ expired] user

pub rsa4096 2019-11-19 [SC]
zzzzzzzzzzzz
uid [ultimate] pass-crash
sub rsa4096 2019-11-19 [E]

user@server:~/xyz$ gpg --edit-key yyyyyyyyyyyyyyyyyyyyyy
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec rsa3072/ccccccccc
created: 2018-09-07 expired: 2020-09-06 usage: SC
trust: ultimate validity: expired
ssb rsa3072/qqqqqqqqqqqqq
created: 2018-09-07 expired: 2020-09-06 usage: E
[ expired] (1). user

gpg> expire
Changing expiration time for the primary key.
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

sec rsa3072/ccccccccc
created: 2018-09-07 expires: never usage: SC
trust: ultimate validity: ultimate
ssb rsa3072/qqqqqqqqqqqqq
created: 2018-09-07 expired: 2020-09-06 usage: E
[ultimate] (1). user

gpg: WARNING: Your encryption subkey expires soon.
gpg: You may want to change its expiration date too.
gpg> key 1

sec rsa3072/ccccccccc
created: 2018-09-07 expires: never usage: SC
trust: ultimate validity: ultimate
ssb* rsa3072/qqqqqqqqqqqqq
created: 2018-09-07 expired: 2020-09-06 usage: E
[ultimate] (1). user

gpg> expire
Changing expiration time for a subkey.
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

sec rsa3072/ccccccccc
created: 2018-09-07 expires: never usage: SC
trust: ultimate validity: ultimate
ssb* rsa3072/qqqqqqqqqqqqq
created: 2018-09-07 expires: never usage: E
[ultimate] (1). user

gpg> save
user@server:~/xyz$ gpg --list-keys
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 3 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 3u
/home/user/.gnupg/pubring.kbx
-----------------------------
pub rsa3072 2018-09-07 [SC] [expired: 2020-09-06]
xxxxxxxxxxxxxxxxxxxx
uid [ expired] CC ZT

pub rsa3072 2018-09-07 [SC]
yyyyyyyyyyyyyyyyyyyyyy
uid [ultimate] user
sub rsa3072 2018-09-07 [E]

pub rsa4096 2019-11-19 [SC]
zzzzzzzzzzzz
uid [ultimate] pass-crash
sub rsa4096 2019-11-19 [E]
Vaše reakce na článek Linux pass - expiroval GPG klíč - jak nastavit neomezenou platnost

Napsat komentář k článku

Tento web používá k poskytování služeb, personalizaci reklam a analýze návštěvnosti soubory cookie. Používáním tohoto webu s tím souhlasíte. Další informace