jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-22 19:34:15 -05:00
Code Issues Projects Releases Wiki Activity

Improved GPG key management experience (#29113)

Browse Source
This commit is contained in:
David Staheli
2022-07-19 06:25:03 -04:00
committed by GitHub
parent 063da9ddfe
commit ddb4d39e00
15 changed files with 93 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
content/authentication/troubleshooting-commit-signature-verification/index.md
View File

@@ -15,7 +15,6 @@ topics:
- Access management
children:
- /checking-your-commit-and-tag-signature-verification-status
- /updating-an-expired-gpg-key
- /using-a-verified-email-address-in-your-gpg-key
shortTitle: Troubleshoot verification
---

24
content/authentication/troubleshooting-commit-signature-verification/updating-an-expired-gpg-key.md
View File

@@ -1,24 +0,0 @@
---
title: Updating an expired GPG key
intro: 'When verifying a signature, {% data variables.product.product_name %} checks that the key is not revoked or expired. If your signing key is revoked or expired, {% data variables.product.product_name %} cannot verify your signatures. If your key is revoked, use the primary key or another key that is not revoked to sign your commits.'
redirect_from:
- /articles/updating-an-expired-gpg-key
- /github/authenticating-to-github/updating-an-expired-gpg-key
- /github/authenticating-to-github/troubleshooting-commit-signature-verification/updating-an-expired-gpg-key
versions:
fpt: '*'
ghes: '*'
ghae: '*'
ghec: '*'
topics:
- Identity
- Access management
shortTitle: Update expired GPG key
---
If your key is expired, you must [update the expiration](https://www.gnupg.org/gph/en/manual/c235.html#AEN328), export the new key, delete the expired key in your GitHub account, and [upload the new key to GitHub](/articles/adding-a-new-gpg-key-to-your-github-account/). Your previous commits and tags will show as verified, as long as the key meets all other verification requirements.
If your key is invalid and you don't use another valid key in your key set, but instead generate a new GPG key with a new set of credentials, then your commits made with the revoked or expired key will continue to show as unverified. Also, your new credentials will not be able to resign or verify your old commits and tags.
## Further reading
- "[About commit signature verification](/articles/about-commit-signature-verification)"