Key import - time warp or clock problem
Charly Avital
shavital@netbox.com
Tue Sep 2 16:43:02 2003
--============_-1149608579==_ma============
Content-Type: text/plain; charset="us-ascii"
Have you enabled, at your end, the following two options (quoting from man
gpg):
--ignore-time-conflict
GnuPG normally checks that the timestamps
associated with keys and signatures have plausi-
ble values. However, sometimes a signature
seems to be older than the key due to clock
problems. This option makes these checks just a
warning. See also --ignore-valid-from for
timestamp issues on subkeys.
--ignore-valid-from
GnuPG normally does not select and use subkeys
created in the future. This option allows the
use of such keys and thus exhibits the pre-1.0.7
behaviour. You should not use this option
unless you there is some clock problem. See
also --ignore-time-conflict for timestamp issues
with signatures.
The fact that the key shows now subkey might be due to:
- it's a "legacy" key, without subkey.
Or,
- because of the possible time problem ("GnuPG normally does not select and
use subkeys created in the future"...).
Charly
Mac OS 10.2.6 - Gnupg 1.2.3
At 7:04 PM -0400 9/1/03, osxvoodoo wrote:
[...]
>
>key XXXXXXX has been created 4133 seconds in future (time warp or clock
>problem)
>
>After messing with it a bit I managed to get it imported. Then I
>started looking at the key and noticed he has no subkey. This is what I
>get if I do a --list-keys
>
>gpg: key XXXXXXXX has been created 4133 seconds in future (time warp or
>clock problem)
>pub 1024D/XXXXXXXX 2003-09-01 Mr. Name <mrname@isp.com>
>
>Thats it - no subkey listed!
>
>So what now... how do I get him out of this mess with the least amount
>of trouble on his end?
>What needs to be done to his key?
[...]
--============_-1149608579==_ma============
Content-Type: text/html; charset="us-ascii"
<!doctype html public "-//W3C//DTD W3 HTML//EN">
<html><head><style type="text/css"><!--
blockquote, dl, ul, ol, li { padding-top: 0 ; padding-bottom: 0 }
--></style><title>Re: Key import - time warp or clock
problem</title></head><body>
<div>Have you enabled, at your end, the following two options (quoting from
man gpg):</div>
<div><font face="Lucida Grande" size="-1"
color="#000000"> </font><font
color="#000000">--ignore-time-conflict<br>
<x-tab> </x-tab><x-tab> </x-tab>
GnuPG<x-tab> </x-tab>normally checks that<x-tab>
</x-tab> the timestamps<br>
<x-tab>
</x-tab><x-tab> </x-tab>
associated with keys and signatures have plausi-<br>
<x-tab>
</x-tab><x-tab> </x-tab> ble
values.<x-tab> </x-tab>However, sometimes
a<x-tab> </x-tab>signature<br>
<x-tab>
</x-tab><x-tab> </x-tab>
seems<x-tab> </x-tab>to be<x-tab> </x-tab>older
than the key due to clock<br>
<x-tab>
</x-tab><x-tab> </x-tab>
problems. This option makes these checks just a<br>
<x-tab>
</x-tab><x-tab> </x-tab>
warning. See also<x-tab> </x-tab>
--ignore-valid-from for</font></div>
<div><font color="#000000"><x-tab>
</x-tab><x-tab> </x-tab> timestamp
issues on subkeys.</font></div>
<div><font color="#000000"><br></font></div>
<div><font color="#000000">--ignore-valid-from</font></div>
<div><font color="#000000"><x-tab>
</x-tab><x-tab> </x-tab> GnuPG
normally does not select and use subkeys<br>
<x-tab>
</x-tab><x-tab> </x-tab>
created in the future. This option allows the<br>
<x-tab>
</x-tab><x-tab> </x-tab> use of
such keys and thus exhibits the pre-1.0.7<br>
<x-tab>
</x-tab><x-tab> </x-tab>
behaviour. You should not<x-tab>
</x-tab>use this option<br>
<x-tab>
</x-tab><x-tab> </x-tab> unless
you there is some clock problem. See<br>
<x-tab>
</x-tab><x-tab> </x-tab> also
--ignore-time-conflict for timestamp issues</font></div>
<div><font color="#000000"><x-tab>
</x-tab><x-tab> </x-tab> with
signatures.</font></div>
<div><font color="#000000"><br></font></div>
<div><br></div>
<div>The fact that the key shows now subkey might be due to:</div>
<div>- it's a "legacy" key, without subkey.</div>
<div>Or,</div>
<div>- because of the possible time problem ("GnuPG normally does not
select and use subkeys created in the future"...).</div>
<div><br></div>
<div>Charly</div>
<div>Mac OS 10.2.6 - Gnupg 1.2.3</div>
<div><br></div>
<div>At 7:04 PM -0400 9/1/03, osxvoodoo wrote:</div>
<div>[...]</div>
<div>><br>
>key XXXXXXX has been created 4133 seconds in future (time warp or
clock<br>
>problem)<br>
><br>
>After messing with it a bit I managed to get it imported. Then I<br>
>started looking at the key and noticed he has no subkey. This is what
I<br>
>get if I do a --list-keys<br>
><br>
>gpg: key XXXXXXXX has been created 4133 seconds in future (time warp
or<br>
>clock problem)<br>
>pub 1024D/XXXXXXXX 2003-09-01 Mr. Name <mrname@isp.com><br>
><br>
>Thats it - no subkey listed!<br>
><br>
>So what now... how do I get him out of this mess with the least
amount<br>
>of trouble on his end?</div>
<div>>What needs to be done to his key?</div>
<div>[...]</div>
</body>
</html>
--============_-1149608579==_ma============--