gpgv: checks the timestamps of the key

Ruke Wang ruke at servgate.com
Wed Feb 11 12:27:35 CET 2004


Hi there,

I have a question about how the gpgv command validate the timestamp of the
key and the signature.  As stated by the manpage "GnuPG normally checks that
the timestamps associated with keys and signatures have plausible values."

I have public key saved on my machine, and every time when verify a
signature, the program copies the key to be trustedkeys.pgp.  After
validation, trustedkeys.pgp is removed.  It works fine until one day I
changed my PC time back to some time in year of 2000, then the validation
failed saying the key is generated in the future time.  It still recognized
that the signature is generated sometime in year 2003.  How gpgv detect the
timestamp of the key then?  My situation may be weird, but I am curious for
the reason.

Thanks,
Ruke



More information about the Gnupg-users mailing list