gpg 1.0.5: unusable secret key
David Champion
dgc@uchicago.edu
Thu Jun 14 18:26:02 2001
On 2001.06.14, in <874rtjccf0.fsf@alberti.gnupg.de>,
"Werner Koch" <wk@gnupg.org> wrote:
>
> No. It is just that v3 keys are deprecated anyway and the solution
> for v4 keys is much simpler: just change the expiration time of the
> key.
>
> I don't think that there so many expired v3 keys out that it is worth
> to add option/command 166 to gpg ....
I think you have a point, if that's true. I'm just not certain that it
is -- I found two in the course of examining this issue, and one isn't
mine.
> Hmmm, we have --ignore-time-conflict and other strange options.
> So in this light my arguments are not so sound. Okay, what about
> --allow-expired-keys ?
Sounds fine to me, but are there any other invalid key situations that
should be allowed, and can be covered with a single option?
OK, so now that's over with, I have a complication to throw in. After
you mentioned that this is a v3 key issue, it took me a little while to
catch on that you were saying that I had a v3 key. That sounded wrong
to me, so:
$ gpg --export AB61503F | gpg --list-packets | grep version
version 4, algo 17, created 944718693, expires 0
version 4, created 963829115, md5len 0, sigclass 10
version 4, created 963829282, md5len 0, sigclass 10
version 4, created 963829325, md5len 0, sigclass 13
version 4, created 963829373, md5len 0, sigclass 10
version 4, created 944718693, md5len 0, sigclass 13
version 4, algo 16, created 944718806, expires 0
version 4, created 964132837, md5len 0, sigclass 18
AB61503F is the key I've been talking about. It's a v4 key.
smack (++umail) pts/4 11:04:43 dgc [406/0]: gpg-1.0.6 --edit-key AB61503F
...
gpg: key AB61503F.59: expired at Wed Jan 31 23:51:33 2001 CST
pub 1024D/AB61503F created: 1999-12-09 expires: 2001-02-01 trust: m/e
sub 1024g/07D6E6DD created: 1999-12-09 expires: never
...
smack (++umail) pts/4 11:05:03 dgc [407/0]: gpg-1.0.3 --edit-key AB61503F
...
pub 1024D/AB61503F created: 1999-12-09 expires: never trust: m/u
sub 1024g/07D6E6DD created: 1999-12-09 expires: never
...
I can change the expiration time on the key, but is that really
useful? If I understand things, I can't resubmit it to a keyserver, so
for everyone else in the world who I don't send the updated key to
myself, the key will remain expired. It seems that I should change the
expiration just enough to generate and release a new key. Does anyone
disagree with that?
... or is this a different kind of problem? (I'm not sure why you
assumed it was v3 -- whether I misunderstood something in the context
of the original message in this thread, or whether there might be some
other issue involved.)
Thanks.
--
-D. dgc@uchicago.edu NSIT University of Chicago