[feat] extend the expiration of private keys if needed

Check on every fetch of the private key if the expiration is less than
two months before it expire. And extend the expiration if needed.

- Resolves: #8217

2 files changed, 11 insertions, 0 deletions

diff --git a/docs/changelog.rst b/docs/changelog.rst
index 20c6b7d6..4b2558a2 100644
--- a/docs/changelog.rst
+++ b/docs/changelog.rst
@@ -7,6 +7,7 @@ Changelog
 
 Features
 ~~~~~~~~
+- `#8217 <https://0xacab.org/leap/bitmask-dev/issues/8217>`_: renew OpenPGP keys before they expire.
 - Set a windows title, so that Bitmask windows can be programmatically manipulated.
 
 Misc
diff --git a/docs/keymanager/index.rst b/docs/keymanager/index.rst
index 5bc66b6f..033292d5 100644
--- a/docs/keymanager/index.rst
+++ b/docs/keymanager/index.rst
@@ -47,6 +47,16 @@ Currently Bitmask can discover new public keys from different sources:
 Other methods are planned to be added in the future, like discovery from signatures in emails, headers (autocrypt spec) or other kind of key servers.  
 
 
+Key expiration dates
+--------------------
+
+KeyManager creates the OpenPGP key with the default expiration of gnupg, that currently is 2 years after the key creation. We want keys with expiration date, to be able to roll new ones if the key material get lost.
+
+We will reduce the default expiration lenght in the future. That will require the rest of OpenPGP ecosystem to have good refresh mechanisms for keys, situation that is improving in the last years.
+
+KeyManager extends one year the expiration date automatically two months before the key gets expired.
+
+
 Implementation: using Soledad Documents
 ---------------------------------------