keyserver problems with my key - "Key block corrupt: more than one signature on subkey"

David Shaw
Sun Apr 28 04:27:02 2002

On Sat, Apr 27, 2002 at 02:44:53PM -0400, wrote:
> A few days ago I was planning to meet someone to exchange fingerprints to
> sign keys.  We were attempting to exchange encrypted passwords beforehand
> to confirm in person, when he told me that the copy of my key he downloaded
> from a keyserver was not useable.  I have been able to replicate the
> problem, and the verbose output follows.  I would really appreciate input.
> I suspect the problem is related to these self-signatures:
> sub  1024g/2EEAB976 2000-09-05
> sig        0E9FF879 2000-09-05  Darxus <>
> sig        0E9FF879 2000-10-09  Darxus <>
> ..which I have guessed is a result of originally generating the key with an
> expiration date, and later removing the expiration date.
> My public key can be downloaded from

Your guess is right.  Your key was unusable because the subkey had expired.

The HKP keyservers, including the keyserver, cannot handle
an expiration time update on a subkey and will refuse to accept it.
There is not much you can do, unfortunately, unless you want to
contact each keyserver operator and get them to replace your key
individually.  This gets complex quickly with the keyservers
synchronizing with each other.

Try one of the CKS keyservers.  They do not have this problem.

One warning - do not try and make a new subkey with no expiration
date.  The HKP keyservers will mangle keys with multiple subkeys and
render all of the subkeys unusable.


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson