Expiration and V3/V4 self signatures

Werner Koch wk at gnupg.org
Tue May 7 11:07:01 CEST 2002

On Tue, 07 May 2002 09:43:44 +0200, Florian Weimer said:

> * packet.h, parse-packet.c (parse_key), getkey.c (merge_keys_and_selfsig,
> merge_selfsigs_main): a v3 key with a v4 self-sig must never let the v4
> self-sig express a key expiration time that extends beyond the original v3
> expiration time.

> * keyedit.c (sign_uids): If --expert it set, allow re-signing a uid to
> promote a v3 self-sig to a v4 one.  This essentially deletes the old v3
> self-sig and replaces it with a v4 one.

> Don't these two features conflict with each other?

No.  Why should they?

As you know the expiration time in a v3 key is stored unchangeable
with the key whereas it is store in a self-signature with a v4 key.
The first change makes sure that the expiration time from a v4
signature on a v3 key can not be used to extend the expiration time
over the one set with the v3 key and the latter change simply promotes
a v3 self-signature to a v4 self-signature with an expiration time
(set to the one from the v3 key).


More information about the Gnupg-devel mailing list