summaryrefslogtreecommitdiff
path: root/docs/keymanager
diff options
context:
space:
mode:
authorRuben Pollan <meskio@sindominio.net>2017-10-31 11:02:00 +0100
committerRuben Pollan <meskio@sindominio.net>2017-12-03 23:12:14 +0100
commitfb7eef011cc672f1884bcfcd4c859a549d8f3e49 (patch)
tree753190cbeeae7f1934590533f467a717cfabdaab /docs/keymanager
parentf6c71494f0ada864e80ee74c60ec09939a14f44b (diff)
[feat] extend the expiration of private keys if needed
Check on every fetch of the private key if the expiration is less than two months before it expire. And extend the expiration if needed. - Resolves: #8217
Diffstat (limited to 'docs/keymanager')
-rw-r--r--docs/keymanager/index.rst10
1 files changed, 10 insertions, 0 deletions
diff --git a/docs/keymanager/index.rst b/docs/keymanager/index.rst
index 5bc66b6f..033292d5 100644
--- a/docs/keymanager/index.rst
+++ b/docs/keymanager/index.rst
@@ -47,6 +47,16 @@ Currently Bitmask can discover new public keys from different sources:
Other methods are planned to be added in the future, like discovery from signatures in emails, headers (autocrypt spec) or other kind of key servers.
+Key expiration dates
+--------------------
+
+KeyManager creates the OpenPGP key with the default expiration of gnupg, that currently is 2 years after the key creation. We want keys with expiration date, to be able to roll new ones if the key material get lost.
+
+We will reduce the default expiration lenght in the future. That will require the rest of OpenPGP ecosystem to have good refresh mechanisms for keys, situation that is improving in the last years.
+
+KeyManager extends one year the expiration date automatically two months before the key gets expired.
+
+
Implementation: using Soledad Documents
---------------------------------------