diff --git a/assets/images/help/settings/gpg-verified-with-expired-key.png b/assets/images/help/settings/gpg-verified-with-expired-key.png
new file mode 100644
index 0000000000..05afaf6da9
Binary files /dev/null and b/assets/images/help/settings/gpg-verified-with-expired-key.png differ
diff --git a/content/authentication/managing-commit-signature-verification/about-commit-signature-verification.md b/content/authentication/managing-commit-signature-verification/about-commit-signature-verification.md
index d3d7ca971f..6f05b9af2a 100644
--- a/content/authentication/managing-commit-signature-verification/about-commit-signature-verification.md
+++ b/content/authentication/managing-commit-signature-verification/about-commit-signature-verification.md
@@ -70,7 +70,7 @@ To sign commits using GPG and have those commits verified on {% data variables.p
1. [Check for existing GPG keys](/articles/checking-for-existing-gpg-keys)
2. [Generate a new GPG key](/articles/generating-a-new-gpg-key)
-3. [Add a new GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account)
+3. [Add a GPG key to your GitHub account](/articles/adding-a-gpg-key-to-your-github-account)
4. [Tell Git about your signing key](/articles/telling-git-about-your-signing-key)
5. [Sign commits](/articles/signing-commits)
6. [Sign tags](/articles/signing-tags)
diff --git a/content/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account.md b/content/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account.md
new file mode 100644
index 0000000000..68656fa689
--- /dev/null
+++ b/content/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account.md
@@ -0,0 +1,72 @@
+---
+title: Adding a GPG key to your GitHub account
+intro: 'To configure your account on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.product.product_location %}{% endif %} to use your new (or existing) GPG key, you''ll also need the key to your account.'
+redirect_from:
+ - /articles/adding-a-gpg-key-to-your-github-account
+ - /github/authenticating-to-github/adding-a-new-gpg-key-to-your-github-account
+ - /github/authenticating-to-github/managing-commit-signature-verification/adding-a-new-gpg-key-to-your-github-account
+ - /articles/updating-an-expired-gpg-key
+ - /authentication/troubleshooting-commit-signature-verification/updating-an-expired-gpg-key
+ - /github/authenticating-to-github/updating-an-expired-gpg-key
+ - /github/authenticating-to-github/troubleshooting-commit-signature-verification/updating-an-expired-gpg-key
+ - /authentication/managing-commit-signature-verification/adding-a-new-gpg-key-to-your-github-account
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghae: '*'
+ ghec: '*'
+topics:
+ - Identity
+ - Access management
+shortTitle: Add a GPG key
+---
+
+## About addition of GPG keys to your account
+
+To sign commits associated with your account on {% data variables.product.product_name %}, you can add a public GPG key to your personal account. Before you add a key, you should check for existing keys. If you don't find any existing keys, you can generate and copy a new key. For more information, see "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)" and "[Generating a new GPG key](/articles/generating-a-new-gpg-key)."
+
+You can add multiple public keys to your account on {% data variables.product.product_name %}. Commits signed by any of the corresponding private keys will show as verified. If you remove a public key, any commits signed by the corresponding private key will no longer show as verified.
+
+{% ifversion upload-expired-or-revoked-gpg-key %}
+To verify as many of your commits as possible, you can add expired and revoked keys. If the key meets all other verification requirements, commits that were previously signed by any of the corresponding private keys will show as verified and indicate that their signing key is expired or revoked.
+
+
+{% endif %}
+
+{% data reusables.gpg.supported-gpg-key-algorithms %}
+
+When verifying a signature, {% data variables.product.product_name %} extracts the signature and attempts to parse its key ID. The key ID is then matched with keys added to {% data variables.product.product_name %}. Until a matching GPG key is added to {% data variables.product.product_name %}, it cannot verify your signatures.
+
+## Adding a GPG key
+
+{% data reusables.user-settings.access_settings %}
+{% data reusables.user-settings.ssh %}
+3. Click **New GPG key**.
+ 
+4. In the "Key" field, paste the GPG key you copied when you [generated your GPG key](/articles/generating-a-new-gpg-key).
+ 
+5. Click **Add GPG key**.
+ 
+6. To confirm the action, enter your {% data variables.product.product_name %} password.
+
+{% ifversion upload-expired-or-revoked-gpg-key %}
+{% else %}
+## Updating an expired GPG key
+
+When verifying a signature, {% data variables.product.product_name %} checks that the key is not revoked or expired. If your signing key is revoked or expired, {% data variables.product.product_name %} cannot verify your signatures.
+
+If your key is expired, you must [update its expiration](https://www.gnupg.org/gph/en/manual.html#AEN329), export the new key, delete the expired key in your account on {% data variables.product.product_name %}, and add the new key to your account as described above. Your previous commits and tags will show as verified, as long as the key meets all other verification requirements.
+
+If your key is revoked, use the primary key or another key that is not revoked to sign your commits.
+
+If your key is invalid and you don't use another valid key in your key set, but instead generate a new GPG key with a new set of credentials, then your commits made with the revoked or expired key will continue to show as unverified. Also, your new credentials will not be able to re-sign or verify your old commits and tags.
+{% endif %}
+
+## Further reading
+
+- "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)"
+- "[Generating a new GPG key](/articles/generating-a-new-gpg-key)"
+- "[Telling Git about your signing key](/articles/telling-git-about-your-signing-key)"
+- "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)"
+- "[Signing commits and tags using GPG keys](/articles/signing-commits-and-tags-using-gpg)"
+- "[About commit signature verification](/articles/about-commit-signature-verification)"
diff --git a/content/authentication/managing-commit-signature-verification/adding-a-new-gpg-key-to-your-github-account.md b/content/authentication/managing-commit-signature-verification/adding-a-new-gpg-key-to-your-github-account.md
deleted file mode 100644
index 036d501525..0000000000
--- a/content/authentication/managing-commit-signature-verification/adding-a-new-gpg-key-to-your-github-account.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-title: Adding a new GPG key to your GitHub account
-intro: 'To configure your account on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.product.product_location %}{% endif %} to use your new (or existing) GPG key, you''ll also need the key to your account.'
-redirect_from:
- - /articles/adding-a-new-gpg-key-to-your-github-account
- - /github/authenticating-to-github/adding-a-new-gpg-key-to-your-github-account
- - /github/authenticating-to-github/managing-commit-signature-verification/adding-a-new-gpg-key-to-your-github-account
-versions:
- fpt: '*'
- ghes: '*'
- ghae: '*'
- ghec: '*'
-topics:
- - Identity
- - Access management
-shortTitle: Add a new GPG key
----
-Before adding a new GPG key to your account on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.product.product_location %}{% endif %}, you should have:
-- [Checked for existing GPG keys](/articles/checking-for-existing-gpg-keys)
-- [Generated and copied a new GPG key](/articles/generating-a-new-gpg-key)
-
-You can add multiple public keys to your GitHub account. Commits signed by any of the corresponding private keys will show as verified. If you remove a public key, any commits signed by the corresponding private key will no longer show as verified.
-
-{% data reusables.gpg.supported-gpg-key-algorithms %}
-
-When verifying a signature, we extract the signature and attempt to parse its key-id. We match the key-id with keys uploaded to {% data variables.product.product_name %}. Until you upload your GPG key to {% data variables.product.product_name %}, we cannot verify your signatures.
-
-## Adding a GPG key
-
-{% data reusables.user-settings.access_settings %}
-{% data reusables.user-settings.ssh %}
-3. Click **New GPG key**.
- 
-4. In the "Key" field, paste the GPG key you copied when you [generated your GPG key](/articles/generating-a-new-gpg-key).
- 
-5. Click **Add GPG key**.
- 
-6. To confirm the action, enter your {% data variables.product.product_name %} password.
-
-## Further reading
-
-* "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)"
-* "[Generating a new GPG key](/articles/generating-a-new-gpg-key)"
-* "[Telling Git about your signing key](/articles/telling-git-about-your-signing-key)"
-* "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)"
-* "[Signing commits and tags using GPG keys](/articles/signing-commits-and-tags-using-gpg)"
diff --git a/content/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key.md b/content/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key.md
index 53019bf434..21813267dc 100644
--- a/content/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key.md
+++ b/content/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key.md
@@ -50,13 +50,13 @@ If you're using a GPG key that matches your committer identity and your verified
$ gpg --armor --export 3AA5C34371567BD2
# Prints the GPG key, in ASCII armor format
```
-11. Upload the GPG key by [adding it to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account).
+11. Upload the GPG key by [adding it to your GitHub account](/articles/adding-a-gpg-key-to-your-github-account).
## Further reading
- "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)"
- "[Generating a new GPG key](/articles/generating-a-new-gpg-key)"
- "[Using a verified email address in your GPG key](/articles/using-a-verified-email-address-in-your-gpg-key)"
-- "[Adding a new GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account)"
+- "[Adding a GPG key to your GitHub account](/articles/adding-a-gpg-key-to-your-github-account)"
- "[Signing commits](/articles/signing-commits)"
- "[Signing tags](/articles/signing-tags)"
diff --git a/content/authentication/managing-commit-signature-verification/checking-for-existing-gpg-keys.md b/content/authentication/managing-commit-signature-verification/checking-for-existing-gpg-keys.md
index c22cb3a918..6b2b466979 100644
--- a/content/authentication/managing-commit-signature-verification/checking-for-existing-gpg-keys.md
+++ b/content/authentication/managing-commit-signature-verification/checking-for-existing-gpg-keys.md
@@ -32,12 +32,12 @@ shortTitle: Existing GPG keys
$ gpg --armor --export 3AA5C34371567BD2
# Prints the GPG key ID, in ASCII armor format
```
- You can then [add your GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account).
+ You can then [add your GPG key to your GitHub account](/articles/adding-a-gpg-key-to-your-github-account).
## Further reading
* "[Generating a new GPG key](/articles/generating-a-new-gpg-key)"
-* "[Adding a new GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account)"
+* "[Adding a GPG key to your GitHub account](/articles/adding-a-gpg-key-to-your-github-account)"
* "[Telling Git about your signing key](/articles/telling-git-about-your-signing-key)"
* "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)"
* "[Signing commits](/articles/signing-commits)"
diff --git a/content/authentication/managing-commit-signature-verification/generating-a-new-gpg-key.md b/content/authentication/managing-commit-signature-verification/generating-a-new-gpg-key.md
index 7153df810e..e1c8492c46 100644
--- a/content/authentication/managing-commit-signature-verification/generating-a-new-gpg-key.md
+++ b/content/authentication/managing-commit-signature-verification/generating-a-new-gpg-key.md
@@ -37,7 +37,7 @@ topics:
```
4. At the prompt, specify the kind of key you want, or press `Enter` to accept the default.
5. At the prompt, specify the key size you want, or press `Enter` to accept the default. Your key must be at least `4096` bits.
-6. Enter the length of time the key should be valid. Press `Enter` to specify the default selection, indicating that the key doesn't expire.
+6. Enter the length of time the key should be valid. Press `Enter` to specify the default selection, indicating that the key doesn't expire. Unless you require an expiration date, we recommend accepting this default.
7. Verify that your selections are correct.
8. Enter your user ID information.
@@ -56,12 +56,12 @@ topics:
# Prints the GPG key ID, in ASCII armor format
```
11. Copy your GPG key, beginning with `-----BEGIN PGP PUBLIC KEY BLOCK-----` and ending with `-----END PGP PUBLIC KEY BLOCK-----`.
-12. [Add the GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account).
+12. [Add the GPG key to your GitHub account](/articles/adding-a-gpg-key-to-your-github-account).
## Further reading
* "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)"
-* "[Adding a new GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account)"
+* "[Adding a GPG key to your GitHub account](/articles/adding-a-gpg-key-to-your-github-account)"
* "[Telling Git about your signing key](/articles/telling-git-about-your-signing-key)"
* "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)"
* "[Signing commits](/articles/signing-commits)"
diff --git a/content/authentication/managing-commit-signature-verification/index.md b/content/authentication/managing-commit-signature-verification/index.md
index 8a3ba49810..cda54504d8 100644
--- a/content/authentication/managing-commit-signature-verification/index.md
+++ b/content/authentication/managing-commit-signature-verification/index.md
@@ -19,7 +19,7 @@ children:
- /displaying-verification-statuses-for-all-of-your-commits
- /checking-for-existing-gpg-keys
- /generating-a-new-gpg-key
- - /adding-a-new-gpg-key-to-your-github-account
+ - /adding-a-gpg-key-to-your-github-account
- /telling-git-about-your-signing-key
- /associating-an-email-with-your-gpg-key
- /signing-commits
diff --git a/content/authentication/managing-commit-signature-verification/signing-commits.md b/content/authentication/managing-commit-signature-verification/signing-commits.md
index a158f5199a..6363f778c0 100644
--- a/content/authentication/managing-commit-signature-verification/signing-commits.md
+++ b/content/authentication/managing-commit-signature-verification/signing-commits.md
@@ -54,7 +54,7 @@ If you have multiple keys or are attempting to sign commits or tags with a key t
* "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)"
* "[Generating a new GPG key](/articles/generating-a-new-gpg-key)"
-* "[Adding a new GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account)"
+* "[Adding a GPG key to your GitHub account](/articles/adding-a-gpg-key-to-your-github-account)"
* "[Telling Git about your signing key](/articles/telling-git-about-your-signing-key)"
* "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)"
* "[Signing tags](/articles/signing-tags)"
diff --git a/content/authentication/managing-commit-signature-verification/signing-tags.md b/content/authentication/managing-commit-signature-verification/signing-tags.md
index e6b92b45e6..1809bef4ad 100644
--- a/content/authentication/managing-commit-signature-verification/signing-tags.md
+++ b/content/authentication/managing-commit-signature-verification/signing-tags.md
@@ -33,7 +33,7 @@ topics:
- "[Viewing your repository's tags](/articles/viewing-your-repositorys-tags)"
- "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)"
- "[Generating a new GPG key](/articles/generating-a-new-gpg-key)"
-- "[Adding a new GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account)"
+- "[Adding a GPG key to your GitHub account](/articles/adding-a-gpg-key-to-your-github-account)"
- "[Telling Git about your signing key](/articles/telling-git-about-your-signing-key)"
- "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)"
- "[Signing commits](/articles/signing-commits)"
diff --git a/content/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key.md b/content/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key.md
index 07e6776d63..b86b173566 100644
--- a/content/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key.md
+++ b/content/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key.md
@@ -108,7 +108,7 @@ If you have multiple GPG keys, you need to tell Git which one to use.
- "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)"
- "[Generating a new GPG key](/articles/generating-a-new-gpg-key)"
- "[Using a verified email address in your GPG key](/articles/using-a-verified-email-address-in-your-gpg-key)"
-- "[Adding a new GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account)"
+- "[Adding a GPG key to your GitHub account](/articles/adding-a-gpg-key-to-your-github-account)"
- "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)"
- "[Signing commits](/articles/signing-commits)"
- "[Signing tags](/articles/signing-tags)"
diff --git a/content/authentication/troubleshooting-commit-signature-verification/index.md b/content/authentication/troubleshooting-commit-signature-verification/index.md
index 46abaa90df..9484645e7b 100644
--- a/content/authentication/troubleshooting-commit-signature-verification/index.md
+++ b/content/authentication/troubleshooting-commit-signature-verification/index.md
@@ -15,7 +15,6 @@ topics:
- Access management
children:
- /checking-your-commit-and-tag-signature-verification-status
- - /updating-an-expired-gpg-key
- /using-a-verified-email-address-in-your-gpg-key
shortTitle: Troubleshoot verification
---
diff --git a/content/authentication/troubleshooting-commit-signature-verification/updating-an-expired-gpg-key.md b/content/authentication/troubleshooting-commit-signature-verification/updating-an-expired-gpg-key.md
deleted file mode 100644
index 6af925988c..0000000000
--- a/content/authentication/troubleshooting-commit-signature-verification/updating-an-expired-gpg-key.md
+++ /dev/null
@@ -1,24 +0,0 @@
----
-title: Updating an expired GPG key
-intro: 'When verifying a signature, {% data variables.product.product_name %} checks that the key is not revoked or expired. If your signing key is revoked or expired, {% data variables.product.product_name %} cannot verify your signatures. If your key is revoked, use the primary key or another key that is not revoked to sign your commits.'
-redirect_from:
- - /articles/updating-an-expired-gpg-key
- - /github/authenticating-to-github/updating-an-expired-gpg-key
- - /github/authenticating-to-github/troubleshooting-commit-signature-verification/updating-an-expired-gpg-key
-versions:
- fpt: '*'
- ghes: '*'
- ghae: '*'
- ghec: '*'
-topics:
- - Identity
- - Access management
-shortTitle: Update expired GPG key
----
-If your key is expired, you must [update the expiration](https://www.gnupg.org/gph/en/manual/c235.html#AEN328), export the new key, delete the expired key in your GitHub account, and [upload the new key to GitHub](/articles/adding-a-new-gpg-key-to-your-github-account/). Your previous commits and tags will show as verified, as long as the key meets all other verification requirements.
-
-If your key is invalid and you don't use another valid key in your key set, but instead generate a new GPG key with a new set of credentials, then your commits made with the revoked or expired key will continue to show as unverified. Also, your new credentials will not be able to resign or verify your old commits and tags.
-
-## Further reading
-
-- "[About commit signature verification](/articles/about-commit-signature-verification)"
diff --git a/data/features/upload-expired-or-revoked-gpg-key.yml b/data/features/upload-expired-or-revoked-gpg-key.yml
new file mode 100644
index 0000000000..f11ff75cbd
--- /dev/null
+++ b/data/features/upload-expired-or-revoked-gpg-key.yml
@@ -0,0 +1,8 @@
+# Issue: 7123
+# Description: Allow adding expired and revoked GPG keys for verifying commit and tag signatures
+# Usage: {% ifversion upload-expired-or-revoked-gpg-key %} ... {% endif %}
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.6'
+ ghae: 'issue-7123'
diff --git a/data/reusables/enterprise_site_admin_settings/add-key-to-web-flow-user.md b/data/reusables/enterprise_site_admin_settings/add-key-to-web-flow-user.md
index d92f574c69..16a869b963 100644
--- a/data/reusables/enterprise_site_admin_settings/add-key-to-web-flow-user.md
+++ b/data/reusables/enterprise_site_admin_settings/add-key-to-web-flow-user.md
@@ -5,7 +5,7 @@
```
1. Copy your PGP key, beginning with `-----BEGIN PGP PUBLIC KEY BLOCK-----` and ending with `-----END PGP PUBLIC KEY BLOCK-----`.
1. Sign into {% data variables.product.prodname_ghe_server %} as the `web-flow` user.
-1. Add the public PGP key to the user's profile. For more information, see "[Adding a new GPG key to your {% data variables.product.prodname_dotcom %} account](/authentication/managing-commit-signature-verification/adding-a-new-gpg-key-to-your-github-account)."
+1. Add the public PGP key to the user's profile. For more information, see "[Adding a GPG key to your {% data variables.product.prodname_dotcom %} account](/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account)."
{% note %}