Expired signature keys

Nick Lamb njl98r at ecs.soton.ac.uk
Wed Sep 6 01:12:12 CEST 2000


Some time ago a friend created a GnuPG key and, unknown to me, they decided
to set an expiry time on their _primary_ signature key in the very near
future. They used this key to sign numerous keys, including mine, and now
whenever GnuPG processes such sigs, for almost any reason, it says:

gpg: NOTE: signature key expired Sat 13 May 2000 04:06:17 PM BST

This is very confusing because it doesn't say WHICH key has expired; it
seems to expect that the context makes this clear -- but of course when
GnuPG is silently processing away, and happens to examine this key for
some reason, it ISN'T obvious why this message has been printed. As a
result I spent some time carefully examining my private key (doh!)

Here's an example of a case where the output is most confusing, from
mutt while processing a signed message:

[-- PGP output follows (current time: Wed Sep  6 00:02:35 2000) --]
gpg: Signature made Tue 05 Sep 2000 20:19:19 BST using DSA key ID 741BE7D8
gpg: Good signature from "Nicholas Lamb <njl195 at zepler.org.uk>"
gpg: NOTE: signature key expired Sat 13 May 2000 16:06:17 BST
[-- End of PGP output --]

You can see a reasonable person might think that it's the "Nicholas Lamb"
key which has expired, but it isn't, so I think GnuPG 1.0.3 should either:

1. Explicitly say in the NOTE which key has expired (but this might get
very noisy for people with large keyrings)

2. Shut up about expired keys -- just ignore them unless that would cause
an error, obviously ERRORS due to expired keys are worth reporting.

Can someone who has proprietary software check what PGP does these days?

Nick.
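
An added example, not part of the original post and not GnuPG's own code: a small parser for gpg's machine-readable status lines (the `--status-fd` output), using the keywords documented in GnuPG's doc/DETAILS, that separates the verdict on the key that made the signature from expiry notices that carry no key ID. The sample lines, the 16-digit key IDs and the second user ID are constructed for illustration.

```python
# Added example. Keywords follow GnuPG's doc/DETAILS; sample lines are constructed.
PREFIX = "[GNUPG:] "

# Status keywords that carry the key ID of the key that made the signature.
SIGNER_KEYWORDS = {
    "GOODSIG": "good signature",
    "EXPKEYSIG": "good signature, but the signing key has expired",
    "REVKEYSIG": "good signature, but the signing key is revoked",
    "BADSIG": "BAD signature",
}

def parse_status(text):
    """Separate the verdict on the signing key from unattributed expiry notices."""
    report = {"signer_id": None, "signer_uid": None, "verdict": None,
              "signer_expired": False, "unattributed_expiry": []}
    for line in text.splitlines():
        if not line.startswith(PREFIX):
            continue  # human-readable output, not a status line
        fields = line[len(PREFIX):].split(" ", 2)
        keyword = fields[0]
        if keyword in SIGNER_KEYWORDS and len(fields) >= 2:
            report["signer_id"] = fields[1]
            report["signer_uid"] = fields[2] if len(fields) > 2 else ""
            report["verdict"] = SIGNER_KEYWORDS[keyword]
            report["signer_expired"] = keyword == "EXPKEYSIG"
        elif keyword == "KEYEXPIRED" and len(fields) >= 2:
            # Carries only an expiry time, no key ID: it does not say which key.
            report["unattributed_expiry"].append(fields[1])
    return report

# Constructed: signer's key is fine, some other key examined on the way had expired.
OTHER_KEY_EXPIRED = """\
gpg: Good signature from "Nicholas Lamb <njl195 at zepler.org.uk>"
[GNUPG:] KEYEXPIRED 958230377
[GNUPG:] GOODSIG 1111111111111111 Nicholas Lamb <njl195 at zepler.org.uk>
"""

# Constructed: the key that made the signature is itself expired.
SIGNER_KEY_EXPIRED = """\
[GNUPG:] KEYEXPIRED 958230377
[GNUPG:] EXPKEYSIG 2222222222222222 Constructed User <user@example.org>
"""

if __name__ == "__main__":
    for sample in (OTHER_KEY_EXPIRED, SIGNER_KEY_EXPIRED):
        print(parse_status(sample))
```

A mail client or script that relies on `signer_expired` rather than on the presence of an expiry notice does not attribute another key's expiry to the sender.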


More information about the Gnupg-devel mailing list