Page MenuHome GnuPG

GPG: Batch keygen has no default expiry date
Closed, ResolvedPublic


I know I know I should use the quick-gen API in the future. But existing software uses the batch keygen api.

The problem here is that the behavior is different regarding the expiry date. For quick-gen / gen key with gnupg we have a default expiry. And then For batch keygen we don't. Example:

key-type:      RSA
key-length:    2048
key-usage:     sign,encrypt
name-real:     expiry-test

Generates a key without expiry.

This leads to Kleopatra / KMail generating keys without expiry dates by default and has been reported as a bug there.



Event Timeline

Hmm. I am fine changing this for master. But for 2.2 I am nut sure. Asking on gnupg-devel?

Ok for me to just have it in master. It should be fixed but is not super important imo.

This was changed in kleopatra some time ago to also generate keys with 2y expiry. So the motivation for this issue is gone.