gpg 1.0.5: unusable secret key

Werner Koch wk@gnupg.org
Thu Jun 14 19:31:01 2001


 || On Thu, 14 Jun 2001 11:24:42 -0500
 || David Champion <dgc@uchicago.edu> wrote: 

 dc> gpg: key AB61503F.59: expired at Wed Jan 31 23:51:33 2001 CST
 dc> pub  1024D/AB61503F  created: 1999-12-09 expires: 2001-02-01 trust: m/e
      
 dc> smack (++umail) pts/4 11:05:03 dgc [407/0]: gpg-1.0.3 --edit-key AB61503F
 dc> ...
 dc> pub  1024D/AB61503F  created: 1999-12-09 expires: never      trust: m/u

That's a bug in 1.0.3.

 dc> I can change the expiration time on the key, but is that really
 dc> useful?  If I understand things, I can't resubmit it to a keyserver, so

There was a long discussion about this on the OpenPGP WG. However
OpenPGP specifies that the expiartion time is the the self-siganture
and therefore it can easily be changed because the self-signature is
not part of the key certicates by others.  

Consider the expiration time as a notice of the key owner.  If you
want that a particular (sub)key is not to be used anymore, you have to
issue a revocation certificate:  Either with --revoked-key for the entire
key or with "revkey" from the edit menu for a subkey.

To change the expiaration time, you use the "expire" command in the
edit menu - I suggest that you do just this.

 dc> ... or is this a different kind of problem?  (I'm not sure why you
 dc> assumed it was v3 -- whether I misunderstood something in the context

Oh, I assumed that you were familar with the "expire" command.  Hmmm,
seems to be a topic for the FAQ.

Ciao,

  Werner

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus