This version of GitHub Enterprise will be discontinued on This version of GitHub Enterprise was discontinued on 2020-11-12. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Updating an expired GPG key

When verifying a signature, GitHub Enterprise checks that the key is not revoked or expired. If your signing key is revoked or expired, GitHub Enterprise cannot verify your signatures. If your key is revoked, use the primary key or another key that is not revoked to sign your commits.

Did this doc help you?

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.

If your key is expired, you must update the expiration, export the new key, delete the expired key in your GitHub account, and upload the new key to GitHub. Your previous commits and tags will show as verified, as long as the key meets all other verification requirements.

If your key is invalid and you don't use another valid key in your key set, but instead generate a new GPG key with a new set of credentials, then your commits made with the revoked or expired key will continue to show as unverified. Also, your new credentials will not be able to resign or verify your old commits and tags.

Further reading

Did this doc help you?

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.