How to Fix an Expired GPG Key
In this tutorial, you'll learn about How to Fix an Expired GPG Key. We cover key concepts, practical examples, and best practices.
The Problem
Your GPG key has expired and you cannot sign commits, decrypt files, or verify signatures. The error message says gpg: key ABC12345: secret key without public key or gpg: WARNING: key ABC12345 has expired. An expired key does not break existing encrypted data but prevents new operations.
Quick Fix
Step 1: Check Key Expiry
gpg --list-keys --keyid-format=long
# pub rsa4096/ABC12345 2022-06-24 [expired: 2025-06-24]
# uid [ expired] Your Name <you@example.com>
Step 2: Edit the Key to Extend Expiry
WRONG — generating a new key (loses existing signatures and trust):
gpg --full-generate-key
# (creates a new key, but all existing encrypted files need re-encryption)
RIGHT — extend the existing key:
gpg --edit-key ABC12345
At the gpg> prompt:
gpg> expire
# Key is valid for? (0)
# Enter 1y for one year from now, or 0 for no expiry
gpg> 1y
# Key expires at Thu Jun 24 12:00:00 2027 UTC
# Is this correct? (y/N) y
gpg> save
Step 3: Verify the Updated Expiry
gpg --list-keys --keyid-format=long you@example.com
# pub rsa4096/ABC12345 2022-06-24 [expires: 2027-06-24]
# uid [ ultimate ] Your Name <you@example.com>
Step 4: Export and Upload the Updated Key
gpg --armor --export ABC12345 > updated-public-key.asc
gpg --keyserver keyserver.ubuntu.com --send-keys ABC12345
# gpg: sending key ABC12345 to hkp://keyserver.ubuntu.com
Step 5: Import on Other Machines
gpg --import updated-public-key.asc
# gpg: key ABC12345: "Your Name <you@example.com>" not changed
# gpg: Total number processed: 1
If the key is still shown as expired, the local copy has old expiry data. Refresh from the keyserver:
gpg --refresh-keys
# gpg: refreshing 1 keys from hkp://keyserver.ubuntu.com
# gpg: key ABC12345: "Your Name <you@example.com>" not changed
DodaTech's Key Manager integrates with GPG to monitor key expiry and automate renewal workflows across your team.
Prevention
- Set keys to expire within 1-2 years, not "never."
- Create a calendar reminder 30 days before expiry.
- Maintain a revocation certificate for emergency key replacement.
- Upload updated keys immediately after extending expiry.
- Store the expiry extension command in your runbook.
Common Mistakes with key expired
- Forgetting that lazy evaluation defers computation until the value is forced, causing space leaks with unevaluated thunks
- Using
returnto exit a function early instead of wrapping a pure value in the monad - Mixing let bindings with <- bindings in do notation, producing type errors
These mistakes appear frequently in real-world GPG code. DodaTech's contributors have identified these patterns through analysis of open-source projects and production systems.
Practice Exercise
Write a pure function that safely divides two integers using Maybe, then test it with edge cases like division by zero and negative numbers.
This exercise reinforces the concepts covered in this guide. Try implementing it before checking online solutions.
FAQ
Built by the developers of DodaTech
Doda Browser, DodaZIP & Durga Antivirus Pro