
provide option to ignore expiration date
Closed, Resolved, Public


Please provide an option to ignore the expiration date of a key.

You may find yourself in a situation where you want to send an encrypted
message to an old friend. But you only have an expired key of your friend and
there's no way to get a recent key from him.
And maybe - a long time ago - you and your friend from far, far away also took
the time to compare the fingerprints and mark your keys verified.

In that situation it's clearly a better choice to send your friend an encrypted
email using the old key than sending an unencrypted email.

Especially if the old key is properly verified, it may also be a better option
to use the old key. And using a new key you just found on a public keyserver,
without having a way to verify it, is probably less safe.

So the denial to use an expired key may result in less security!

What's expected:

In normal use, still deny the use of an expired key.

But provide a command line option like "--ignore-expired" (and also an API
option if not already present).

And if that option is activated, replace the denial with a big warning (telling
about the risks, e.g. the key may have become compromised and the receiver may
not have the private key anymore and can't read the message), but then continue
as if the key is still valid.

If this is solved, feel free to leave a short message here: