What to do when your secret key expires

Linux

I’ve been using GnuPG for years. It’s not that I have lots of super secret spy stuff to communicate to nefarious characters around the globe, but rather that when I send something personal, I’d like to keep it that way if possible. Like a lot of folks I have about a zillion passwords and authentication keys now for all the different websites and programs I use, online or otherwise. Like most people I used to keep all those passwords in a list in a text file someplace (usually right on my desktop!), but I decided a few years back to start encrypting it. I spend most of my day in a browser or in an email client, so years ago I chose to use GnuPG and Thunderbird with the Enigmail add-on to sign and encrypt my email messages. I admit that since I started using Gmail more often I haven’t been signing my emails as much as I once did. The Firefox extension FireGPG allows you to use GnuPG in Gmail, but it’s just not as slick as Enigmail is in Thunderbird, so I eventually uninstalled it. Over the years I have accumulated a hoard of emails that can only be read when I click the nifty ‘decrypt’ button and enter my passphrase correctly. I’ve got lots of cool stuff squirreled away there, including some emails from Wil Wheaton and other less well known folks on various arcane topics. Things worked so well for so long that I had totally forgotten that I set my key to expire in 5 years. Then, one day last week - it did!

I needed to shoot off a private, encrypted email and - no dice. Your key is expired!
This isn’t as earth-shattering as it sounds. You can still decrypt all your old encrypted emails fine; what gpg refuses to do is sign or encrypt anything new with the expired key until its expiration date is moved out again. I’ve had several keys over the years for the different email addresses that I’ve had. They’re all tied together under one “umbrella” of sorts - they may be retired now but they’re still associated with each other, and the history is all there. But if the key is left expired, that legacy is done. Everybody else in the world who has your key will eventually get flagged (as I understand it) that your key is dead and will likely remove it from their keyring. All those key-signing parties, all those trust settings!

I couldn’t just change the expiry date with gpg because it complained that my secret key was expired! What’s a man to do?

As it turns out, some nice person posted this information, which describes the simple solution. LOL - setting your BIOS clock back to before your key expired allows you to operate on your key again and change the expiry date to some time later than the current date! Now why didn’t I think of that? (I was able to just change the OS date and time, and I unplugged from the net so it wouldn’t be reset by ntp automatically.)
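The check and the fix, as an added example (shell; this is not code from the original post or from GnuPG). The first part parses gpg’s machine-readable `--with-colons` listing to report which keys and subkeys are expired, using a constructed listing as sample input; the second part shows how the expiry is moved on GnuPG 2.2 or later with `--quick-set-expire`, which works on an already-expired key with no clock change, and how `--faked-system-time` reproduces the BIOS-clock trick for an older gpg that still refuses, without touching the OS clock. The fingerprint, key IDs and user ID are placeholders, not real keys.

```shell
#!/bin/sh
# Added example, not code from the original post. Parses the machine-readable
# listing produced by `gpg --list-keys --with-colons` to report key expiry, then
# shows the renewal commands. Assumes GnuPG 2.2+; all key material below is fake.

# Constructed sample of --with-colons output: a primary key created mid-2006 that
# expired five years later, one expired encryption subkey and one subkey with no
# expiry. Per GnuPG's DETAILS doc, field 1 = record type, field 2 = validity
# ('e' = expired), field 5 = key ID, field 6 = creation epoch, field 7 = expiry
# epoch (empty = never expires).
SAMPLE_LISTING='pub:e:2048:1:0123456789ABCDEF:1150000000:1307800000::u:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000123456789ABCDEF:
uid:e::::1150000000::0000000000000000000000000000000000000000::Example User <user@example.invalid>::::::::::0:
sub:e:2048:1:FEDCBA9876543210:1150000000:1307800000:::::e::::::23:
sub:u:2048:1:1111222233334444:1150000000::::::e::::::23:'

# Classify one pub/sub record: prints "never", "expired" or "expires <epoch>".
# The optional second argument overrides "now" (epoch seconds) for reproducibility.
key_expiry_status() {
    record=$1
    now=${2:-$(date +%s)}
    validity=$(printf '%s\n' "$record" | cut -d: -f2)
    expires=$(printf '%s\n' "$record" | cut -d: -f7)
    if [ -z "$expires" ]; then
        echo never
    elif [ "$validity" = e ] || [ "$expires" -le "$now" ]; then
        echo expired
    else
        echo "expires $expires"
    fi
}

# Walk a full --with-colons listing on stdin and print one line per key/subkey:
# "<pub|sub> <keyid> <status>". Other record types (fpr, uid, sig, ...) are skipped.
report_expiring_keys() {
    now=${1:-$(date +%s)}
    while IFS= read -r line; do
        case $line in
            pub:*|sub:*) ;;
            *) continue ;;
        esac
        keyid=$(printf '%s\n' "$line" | cut -d: -f5)
        printf '%s %s %s\n' "${line%%:*}" "$keyid" "$(key_expiry_status "$line" "$now")"
    done
}

# Move the expiry of an expired primary key (and any subkeys named as extra
# arguments) one year out, then export the updated public key. The key ID, the
# signatures on it and your trust settings are unchanged, but correspondents only
# see the new date once they get the refreshed copy. GnuPG 2.2+ does this on an
# expired key without any clock change.
renew_key() {
    fpr=$1                     # 40-hex-char fingerprint of the primary key
    shift                      # remaining args: subkey fingerprints to renew too
    gpg --quick-set-expire "$fpr" 1y "$@"
    # Interactive equivalent: gpg --edit-key "$fpr", then 'expire', '1y', 'save'.
    # On a gpg too old to edit an expired key, --faked-system-time (where the
    # build has it) is the post's clock trick without touching the OS clock or
    # unplugging from NTP; give the date as an ISO string from before the expiry:
    #   gpg --faked-system-time 20110601T000000 --edit-key "$fpr"
    gpg --armor --export "$fpr" > "renewed-$fpr.asc"
}

# Demo on the constructed listing, with "now" pinned to mid-2014.
printf '%s\n' "$SAMPLE_LISTING" | report_expiring_keys 1400000000
# Live check of your own keyring:  gpg --list-keys --with-colons | report_expiring_keys
```

Whichever route you take, the renewed public key has to reach the people who hold your old copy (upload it to a key server with `gpg --send-keys`, or hand them the exported file); the “expired” flag they see is a property of their stale copy, not of your secret key. If you do fall back to changing the real system clock, remember that anything else you sign or create in that window gets the backdated timestamp too.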
