Creating signatures with expiration time
Jesus Cea
jcea at jcea.es
Thu Apr 14 11:45:07 CEST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 14/04/11 06:05, Daniel Kahn Gillmor wrote:
> On 04/13/2011 10:43 PM, Jesus Cea wrote:
>> My idea was to create a signature with a expiration date, so signatures
>> should be renewed every year. The OpenPGP Standard documents this type
>> of signature <http://tools.ietf.org/html/rfc4880#section-5.2.3.10>, but
>> GPG doesn't seems to have the option to create them.
>
> Look in the man pages for --default-cert-expire and --ask-cert-expire.
>
> If these do what you want, you can also set them in ~/.gnupg/gpg.conf so
> that you don't have to supply them on the command line every time.
Thanks, Daniel. Looking the manual, I see "--default-sig-expire" and
"--ask-sig-expire" too. What is the difference with "cert"?.
Maybe "cert" only ask for expiration when signing a key, while "sig"
always ask for an expiration for any kind of signature?
- --
Jesus Cea Avion _/_/ _/_/_/ _/_/_/
jcea at jcea.es - http://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/
jabber / xmpp:jcea at jabber.org _/_/ _/_/ _/_/_/_/_/
. _/_/ _/_/ _/_/ _/_/ _/_/
"Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/
"My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQCVAwUBTabCI5lgi5GaxT1NAQKs4AP/c4f3Lo2gIhma+i2AOhFo7e/FgsVuTdkq
Q/GFPDg6DwVRQHHkg4LVPO70Dq2dGDJYm7N3AANpNpk0eOADCVjikqPOwjut4ZKY
T9aCj9kpOX4QlP+ECpJFQYe7P//i+TaeWWZ5EnebLuvKVR0uq9P3K7vfO17ZOTAC
EsUQRIe312A=
=GnOP
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list