From bdd983b96de41fc2f1874e822e1a1d3e298cbc41 Mon Sep 17 00:00:00 2001 From: Tom Limoncelli Date: Fri, 16 Jun 2017 12:04:08 -0400 Subject: [PATCH] Improve info about expired GPG keys. --- README.md | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 546927e..cab527f 100644 --- a/README.md +++ b/README.md @@ -600,18 +600,27 @@ rm -rf /tmp/NEWMASTER Also shred any other temporary files you may have made. -Replace expired keys -==================== +Replacing expired keys +====================== -If any one admin's key expires, you can no longer encrypt files. You will need to replace the key and re-encrypt. - -- Step 0: You see this error: +If someone's key has already expired, blackbox will stop +encrypting. You see this error: ``` $ blackbox_edit_end modified_file.txt --> Error: can't re-encrypt because a key has expired. ``` +You can also detect keys that are about to expire by issuing this command and manually reviewing the "expired:" dates: + + gpg --homedir=keyrings/live --list-keys + +or... list UIDs that will expire within 1 month from today: (Warning: this also lists keys without an expiration date) + + gpg --homedir=keyrings/live --list-keys --with-colons --fixed-list-mode | grep ^uid | awk -F: '$6 < '$(( $(date +%s) + 2592000)) + +Here's how to replace the key: + - Step 1. Administrator removes expired user: Warning: This process will erase any unencrypted files that you were in the process of editing. Copy them elsewhere and restore the changes when done.
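Review bot: the "about to expire" one-liner in the README hunk (`grep ^uid | awk -F: '$6 < ...'`) reads the wrong record and the wrong field. In `gpg --with-colons` output the key expiration time is field 7 of the `pub` (and `sub`) records, while field 6 is the creation date; `uid` records carry the user-ID self-signature dates, not the key's expiry. As written the filter will select essentially every uid (creation dates are always in the past) rather than keys expiring within 30 days. Suggest selecting `^pub` and testing field 7, and excluding the empty field explicitly, which also removes the need for the "(Warning: this also lists keys without an expiration date)" caveat, since in awk an empty field compares as a string and otherwise sorts before any number:
`gpg --homedir=keyrings/live --list-keys --with-colons --fixed-list-mode | grep ^pub | awk -F: '$7 != "" && $7 < '$(( $(date +%s) + 2592000 ))`
Minor: the "Here's how to replace the key:" lead-in is followed directly by "Step 1", so the removed "Step 0" bullet leaves the error message block without a step label; that is fine, but the paragraph above it should say the error comes from `blackbox_edit_end` (or any encrypt step) so readers know where to look.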