I generate one key a year. Newer keys are made to expire around January 31 (with a new key being generated around December 31, giving a one-month ‘grace period’), and keys without expiry dates are revoked when they have, in my opinion, expired. To the best of my knowledge, there should not be any active ‘indefinite’ keys left.

I have two sets of keys (in addition to some special-purpose keys that won't be further mentioned):

This key is used for day-to-day signing and encryption. I use this for signing other people's keys, also.
This key is used to sign the above key, and has a four-year validity.¹ It's solely used to sign my regular keys for its year and the three following years; I won't sign others' keys with it, much less normal messages.

While I verify everyone's keys before I sign them, I urge you to confirm my keys before you use them. The best way is at a Thawte notarisation meeting, where I can sign your key as well.


  1. The 2001 master key lasts 4.42 years, since Thawte stopped signing PGP keys after the end of August 2000. I wanted to use Thawte's signature as a ‘bootstrap’ measure.
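
The claim in the first paragraph, that no active key lacks an expiry date, can be checked against a keyring listing. The following is an added example, not part of the original page: it parses `gpg --list-keys --with-colons` output, and the key IDs, dates and user ID in the sample listing are constructed for illustration.

```python
"""Audit `gpg --list-keys --with-colons` output for unrevoked keys with no expiry."""
from datetime import datetime, timezone

# Constructed sample listing: every key ID, date and user ID below is made up.
SAMPLE = """\
tru::1:1700000000:0:3:1:5
pub:-:4096:1:AAAAAAAAAAAAAAA1:1703980800:1738281600::-:::scESC:
uid:-::::1703980800::::Example User <user@example.org>:
pub:r:1024:17:AAAAAAAAAAAAAAA2:915148800:::-:::sc:
uid:r::::915148800::::Example User <user@example.org>:
pub:-:1024:17:AAAAAAAAAAAAAAA3:946684800:::-:::scESC:
uid:-::::946684800::::Example User <user@example.org>:
"""


def _ts(field):
    """Field is epoch seconds or ISO 'YYYYMMDDTHHMMSS'; empty means not set."""
    if not field:
        return None
    if "T" in field:
        return datetime.strptime(field, "%Y%m%dT%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)


def parse_keys(listing):
    """Return one dict per primary key ('pub' record) in the listing."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] != "pub" or len(f) < 7:
            continue  # skip uid/sub/tru records and truncated lines
        keys.append({
            "keyid": f[4],
            "validity": f[1],        # 'r' = revoked, 'e' = expired, '-' = unknown
            "created": _ts(f[5]),
            "expires": _ts(f[6]),    # None = key never expires
        })
    return keys


def active_indefinite(keys):
    """Key IDs that have no expiry date and have not been revoked."""
    return [k["keyid"] for k in keys
            if k["expires"] is None and k["validity"] != "r"]


if __name__ == "__main__":
    for k in parse_keys(SAMPLE):
        exp = k["expires"].date().isoformat() if k["expires"] else "never"
        print(k["keyid"], "validity=" + k["validity"], "expires=" + exp)
    print("active keys without expiry:", active_indefinite(parse_keys(SAMPLE)))
```

On a real keyring, feed the function the output of `gpg --list-keys --with-colons` instead of `SAMPLE`; any key ID it returns still needs either an expiry date or a revocation.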