No validity status with expired keys
Kurt Fitzner
kfitzner at excelcia.org
Tue May 3 12:56:06 CEST 2005
The following command line:
gpg --status-fd=2 --verify anyfile.sig
fails to output any trust information if the key used to create
anyfile.sig is an expired key. Thus it is impossible to tell if the key
is considered trusted. It is my understanding that it is considered a
valid use of an expired key to validate signatures created before the
key expired. Should not then the trust model be applied to expired key?
Kurt Fitzner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 546 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050503/a06111cf/signature.pgp
More information about the Gnupg-devel
mailing list