Expired keys

Neil Williams linux at codehelp.co.uk
Thu Nov 13 21:02:41 CET 2003

On Wednesday 12 Nov 2003 4:00 am, David Shaw wrote:
> On Sat, Nov 01, 2003 at 09:03:28PM +0000, Neil Williams wrote:
> > A colleague has just changed the expiry date of his key to extend from
> > 31/10/3 to never.  (keyid 0x8f455606)
> > --check-sigs now displays:
> > sig!3     X 28BCB3E3 2003-02-03   Neil Williams (CodeHelp)
> > If I try to re-sign the key I get:
> > Command> sign
> > "<name>" was already signed by key 28BCB3E3
> > Nothing to sign with key 28BCB3E3
> While the key may still be valid, the expired signature is not the
> reason.  An expired signature is not counted in the web of trust.
> Check if there is another signature on the key in question that is

(Been away, hence the time-lag).

Yes, there is just one. (An old sig that didn't use the 1,2 or 3 trust 
indication - is that why it's got no expiry?) It's the only sig, apart from 
self-sigs, that is still unlimited expiry.

> giving it some validity.  Check also if your trustdb is out of date.

Checked and Updated again today.

> Sure, just try and sign it again.  You should get a:
>   Your current signature on "(whoever)" has expired.
>   Do you want to issue a new signature to replace the expired one? (y/N)

No, I'm still getting:
already signed by key 28BCB3E3
Nothing to sign with key 28BCB3E3

I have two keys and I used delsig in the --edit-key shell to delete the 
signature made by my lesser-used key. I was then able to re-sign the key and 
that sig is now showing up on my own keyring as unlimited.

Is there a better way of fixing the expired sig for my main key?

What will happen if I send this key to a keyserver?

What will happen if I refresh this key from a keyserver?


Neil Williams

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
Url : /pipermail/attachments/20031113/fb227ddc/attachment.bin

More information about the Gnupg-users mailing list