gpg 1.0.5: unusable secret key
Werner Koch
wk@gnupg.org
Thu Jun 14 19:31:01 2001
|| On Thu, 14 Jun 2001 11:24:42 -0500
|| David Champion <dgc@uchicago.edu> wrote:
dc> gpg: key AB61503F.59: expired at Wed Jan 31 23:51:33 2001 CST
dc> pub 1024D/AB61503F created: 1999-12-09 expires: 2001-02-01 trust: m/e
dc> smack (++umail) pts/4 11:05:03 dgc [407/0]: gpg-1.0.3 --edit-key AB61503F
dc> ...
dc> pub 1024D/AB61503F created: 1999-12-09 expires: never trust: m/u
That's a bug in 1.0.3.
dc> I can change the expiration time on the key, but is that really
dc> useful? If I understand things, I can't resubmit it to a keyserver, so
There was a long discussion about this on the OpenPGP WG. However
OpenPGP specifies that the expiartion time is the the self-siganture
and therefore it can easily be changed because the self-signature is
not part of the key certicates by others.
Consider the expiration time as a notice of the key owner. If you
want that a particular (sub)key is not to be used anymore, you have to
issue a revocation certificate: Either with --revoked-key for the entire
key or with "revkey" from the edit menu for a subkey.
To change the expiaration time, you use the "expire" command in the
edit menu - I suggest that you do just this.
dc> ... or is this a different kind of problem? (I'm not sure why you
dc> assumed it was v3 -- whether I misunderstood something in the context
Oh, I assumed that you were familar with the "expire" command. Hmmm,
seems to be a topic for the FAQ.
Ciao,
Werner
--
Werner Koch Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions -- Augustinus