[gnupg-1.0.6] local signatures may be exportable

Florian Weimer Florian.Weimer at RUS.Uni-Stuttgart.DE
Fri Jul 27 17:01:01 CEST 2001


Thomas Roessler <roessler at does-not-exist.org> writes:

> > I've got a patch (against an earlier version of GnuPG) which does
> > similar things for implementing signature expiration and notation
> > data even with V3 issuer and signed keys.  (A V4 signature is
> > generated in this case as well.)
> 
> Like the attached patch?

Well, sort of.

Mine is a bit more complicated because it also works around the
protocol error in RFC 2440 related to V4 key expiration (V4 key
expiration time is not covered by certificates because it is only
contained in the self signature, not in the key material, in contrast
to V3 keys): If the key to be signed is a V4 key with an expiration
time set, a V4 signature is made which expires at that time, too (or
even earlier).

-- 
Florian Weimer 	                  Florian.Weimer at RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898




More information about the Gnupg-devel mailing list