cannot import key

Werner Koch wk at
Sun Aug 12 21:19:01 CEST 2001

On Fri, 10 Aug 2001 17:29:28 -0400, David Shaw said:

> Notice the two different creation dates.  The digest data is different
> as well.  The first of these two sigs is the bad one.  Can you think
> of any reason the key might have been self-signed at two different
> times?  (Changing the expiration on the key can do this).

There are a couple of reasons why you want a new self signature, like
adding other notation data or changing the preferences.  An
implementation should use the latest self-signature and ignore
others.  It should even be possible to revoke a user ID revocation
(e.g. dropping out of a company and getting back later).

The current CVS code of GnuPG allows to change the primary key or the
preferences and therefore it has to create a new self-signature.
Actually GnuPG sets the timestamp of the sef-signature just
one second ahead to mark it newer.


Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus

More information about the Gnupg-devel mailing list