Bug: PGP & GNUPG

Werner Koch wk at gnupg.org
Fri Jul 20 12:44:01 CEST 2001


On Fri, 20 Jul 2001 15:51:10 +0800 (WST), Anthony Goggins said:

> I created a DH/DSS Diffie-Hellman 4096 key in PGP, with
> multiple sub-keys. First one is from 2001-7-7 to
> 2002-1-7, and the other from 2002-1-7 to 2002-7-7. I

You mean that it is possible with PGP to create subkeys with
timestamps in the future? And with the "to 2002-17" you mean an
expiration time I guess.

I was not aware that this is possible.  OTOH, prefactoring short-lived
keys makes indeed sense - but in most cases only if you can assure
that the secret parts of those future keys are stored more securely
(i.e. offline) than the current key. I would have appreciated it if NAI
had raised this on the OpenPGP WG, so that other implementors are
aware of such a feature and we might have been able to add some notes
to rfc2440bis.

As a workaround use --ignore-time-conflict, which makes the errors
just a warning.


-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus




