When creating a key that expires in X years, the output is a bit confusing.
Consider:
us@chu:~$ date Tue Apr 7 10:34:20 CEST 2015 us@chu:~$ gpg2 --gen-key gpg (GnuPG) 2.0.26; Copyright (C) 2013 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection? 4 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) Requested keysize is 2048 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 10y Key expires at Fri 04 Apr 2025 10:34:17 AM CEST Is this correct? (y/N) gpg: signal Interrupt caught ... exiting
That is, the currnet date is April 7th 2015 and a key is created to expire
in 10 years. gpg computes 10 years in the future as April 4th 2025,
rather than April 6th or 7th 2025. This is probably because gpg is ignoring
leap days.