Creating signatures with expiration time

Jesus Cea jcea at jcea.es
Thu Apr 14 04:43:07 CEST 2011


Hi, everybody.

I have a corporate PGP key we use to sign employee keys to validate the
UID belonging to the corporation (that is, that the email present in the
key is actually assigned by us).

My idea was to create a signature with an expiration date, so signatures
should be renewed every year. The OpenPGP Standard documents this type
of signature <http://tools.ietf.org/html/rfc4880#section-5.2.3.10>, but
GPG doesn't seem to have the option to create them.

That is, when I create a signature, I have no way to introduce an
expiration date.

Am I missing anything? I am using GPG 1.4.10. I would consider moving
to GPG 2 if necessary.

PS: We could manage with revocation signatures, but people would need to
refresh the keys. With expired signatures people would need to refresh
to see the extension, so they would do so.

-- 
Jesus Cea Avion                         _/_/      _/_/_/        _/_/_/
jcea at jcea.es - http://www.jcea.es/     _/_/    _/_/  _/_/    _/_/  _/_/
jabber / xmpp:jcea at jabber.org         _/_/    _/_/          _/_/_/_/_/
.                              _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"Love is to place your happiness in the happiness of another" - Leibniz
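The signature expiration time subpacket from RFC 4880 section 5.2.3.10 that the message refers to, read back from a signature's hashed subpacket area to decide whether a certification has lapsed. This is an added example, not part of the original post and not GnuPG code; the function names and the sample bytes are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

SIG_CREATION_TIME = 2      # RFC 4880 section 5.2.3.4
SIG_EXPIRATION_TIME = 3    # RFC 4880 section 5.2.3.10

def iter_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    pos = 0
    while pos < len(area):
        first = area[pos]
        hdr = 1 if first < 192 else 2 if first < 255 else 5
        if pos + hdr > len(area):
            raise ValueError("truncated subpacket length")
        if hdr == 1:
            length = first
        elif hdr == 2:
            length = ((first - 192) << 8) + area[pos + 1] + 192
        else:
            length = struct.unpack(">I", area[pos + 1:pos + 5])[0]
        pos += hdr
        # The length counts the type octet, so it can never be zero.
        if length == 0 or pos + length > len(area):
            raise ValueError("empty or truncated subpacket")
        yield area[pos] & 0x7F, bool(area[pos] & 0x80), area[pos + 1:pos + length]
        pos += length

def signature_expiry(hashed_area):
    """Return (created, expires); expires is None if the signature never expires."""
    created = lifetime = None
    for sp_type, _critical, body in iter_subpackets(hashed_area):
        if sp_type in (SIG_CREATION_TIME, SIG_EXPIRATION_TIME):
            if len(body) != 4:
                raise ValueError("time subpacket must be 4 octets")
            value = struct.unpack(">I", body)[0]
            if sp_type == SIG_CREATION_TIME:
                created = value
            else:
                lifetime = value       # seconds after the creation time
    if created is None:
        raise ValueError("no signature creation time subpacket")
    start = datetime.fromtimestamp(created, tz=timezone.utc)
    # An absent or zero expiration time means the signature never expires.
    return start, (start + timedelta(seconds=lifetime)) if lifetime else None

def is_expired(hashed_area, now):
    expires = signature_expiry(hashed_area)[1]
    return expires is not None and now >= expires

# Constructed sample: created 2011-04-14 00:00 UTC, critical 365-day expiration.
CREATED = datetime(2011, 4, 14, tzinfo=timezone.utc)
SAMPLE_HASHED_AREA = (bytes([5, 0x02]) + struct.pack(">I", int(CREATED.timestamp()))
                      + bytes([5, 0x83]) + struct.pack(">I", 365 * 86400))
```
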


