Bug: PGP & GNUPG
Werner Koch
wk at gnupg.org
Fri Jul 20 12:44:01 CEST 2001
On Fri, 20 Jul 2001 15:51:10 +0800 (WST), Anthony Goggins said:
> I created a DH/DSS Diffie-Helman 4096 key in PGP, with
> multiple sub-keys. First one is from 2001-7-7 to
> 2002-1-7, and the other from 2002-1-7 to 2002-7-7. I
You mean that it is possible with PGP to create subkeys with
timestamps in the future? And with the "to 2002-17" you mean an
expiration time I guess.
I was not aware that this is possible. OTOH, prefactoring shortlived
keys makes indeed sense - but in most cases only if you can assure
that the secret part of those future keys are stored more securly
(i.e. offline) than the current key. I would have appreciated if NAI
had raised this on the OpenPGP WG, so that other implementors are
aware of such a feature and we might have been able to add some notes
to rfc2440bis.
As a workaround use --ignore-time-conflict , which makes the errors
just a warning.
--
Werner Koch Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions -- Augustinus
More information about the Gnupg-devel
mailing list