Future time: --ignore-time-conflict and --ignore-valid-from not working (gpg-1.4.6)

Werner Koch wk at gnupg.org
Mon Jan 29 08:34:31 CET 2007


On Mon, 29 Jan 2007 05:33, bgat at billgatliff.com said:

> I have a key that will be imported into a system with no real-time 
> clock.  On that machine, the system time gets set to the Epoch at 
> startup, thus the key always looks as though it was created "1169836499 

Without a real time clock you should be more concerned about true
random numbers than _warnings_ like:

> gpg: Signature made Sun Jan 28 05:07:57 2007 UTC using DSA key ID A7E0150C
> gpg: key A7E0150C was created 1169836499 seconds in the future (time 

I assume here that such a platform as also other contrainsts than just
the RTC.  Having good and unpredictbale random numbers is crucial to
the security of the key.  Creating DSA signatures also requires a good
RNG as well as some other subsystems.

> A lot of Googling and reading the manpage seems to suggest that the two 
> --ignore- parameters should get me what I'm after, but it doesn't seem 
> to be the case.  In particular, I don't want to have to press a key when 
> the warnings are emitted, because this will be an unattended operation.

A warning is just a warning and does not aks you to press a key.


Salam-Shalom,

   Werner




More information about the Gnupg-users mailing list