gpg 1.0.5: unusable secret key

David Champion dgc@uchicago.edu
Thu Jun 14 18:26:02 2001


On 2001.06.14, in <874rtjccf0.fsf@alberti.gnupg.de>,
	"Werner Koch" <wk@gnupg.org> wrote:

>
> No. It is just that v3 keys are deprecated anyway and the solution
> for v4 keys is much simpler: just change the expiration time of the
> key.
>
> I don't think that there so many expired v3 keys out that it is worth
> to add option/command 166 to gpg ....
I think you have a point, if that's true. I'm just not certain that it is -- I found two in the course of examining this issue, and one isn't mine.
> Hmmm, we have --ignore-time-conflict and other strange options.
> So in this light my arguments are not so sound. Okay, what about
> --allow-expired-keys ?
Sounds fine to me, but are there any other invalid key situations that should be allowed, and can be covered with a single option? OK, so now that's over with, I have a complication to throw in. After you mentioned that this is a v3 key issue, it took me a little while to catch on that you were saying that I had a v3 key. That sounded wrong to me, so: $ gpg --export AB61503F | gpg --list-packets | grep version version 4, algo 17, created 944718693, expires 0 version 4, created 963829115, md5len 0, sigclass 10 version 4, created 963829282, md5len 0, sigclass 10 version 4, created 963829325, md5len 0, sigclass 13 version 4, created 963829373, md5len 0, sigclass 10 version 4, created 944718693, md5len 0, sigclass 13 version 4, algo 16, created 944718806, expires 0 version 4, created 964132837, md5len 0, sigclass 18 AB61503F is the key I've been talking about. It's a v4 key. smack (++umail) pts/4 11:04:43 dgc [406/0]: gpg-1.0.6 --edit-key AB61503F ... gpg: key AB61503F.59: expired at Wed Jan 31 23:51:33 2001 CST pub 1024D/AB61503F created: 1999-12-09 expires: 2001-02-01 trust: m/e sub 1024g/07D6E6DD created: 1999-12-09 expires: never ... smack (++umail) pts/4 11:05:03 dgc [407/0]: gpg-1.0.3 --edit-key AB61503F ... pub 1024D/AB61503F created: 1999-12-09 expires: never trust: m/u sub 1024g/07D6E6DD created: 1999-12-09 expires: never ... I can change the expiration time on the key, but is that really useful? If I understand things, I can't resubmit it to a keyserver, so for everyone else in the world who I don't send the updated key to myself, the key will remain expired. It seems that I should change the expiration just enough to generate and release a new key. Does anyone disagree with that? ... or is this a different kind of problem? (I'm not sure why you assumed it was v3 -- whether I misunderstood something in the context of the original message in this thread, or whether there might be some other issue involved.) Thanks. -- -D. dgc@uchicago.edu NSIT University of Chicago