Creating signatures with expiration time
Michael Fladerer
fladerer at fnb.tu-darmstadt.de
Thu Apr 14 12:39:46 CEST 2011
On Thu Apr 14, 2011 at 11:45:07 +0200, Jesus Cea wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 14/04/11 06:05, Daniel Kahn Gillmor wrote:
> > On 04/13/2011 10:43 PM, Jesus Cea wrote:
> >> My idea was to create a signature with an expiration date, so signatures
> >> should be renewed every year. The OpenPGP Standard documents this type
> >> of signature <http://tools.ietf.org/html/rfc4880#section-5.2.3.10>, but
> >> GPG doesn't seem to have the option to create them.
> >
> > Look in the man pages for --default-cert-expire and --ask-cert-expire.
> >
> > If these do what you want, you can also set them in ~/.gnupg/gpg.conf so
> > that you don't have to supply them on the command line every time.
>
> Thanks, Daniel. Looking at the manual, I see "--default-sig-expire" and
> "--ask-sig-expire" too. What is the difference with "cert"?
>
> Maybe "cert" only asks for expiration when signing a key, while "sig"
> always asks for an expiration for any kind of signature?
>
Sorry, I obviously missed the keyword 'data' in 'data signature' when I
looked through the manpage. So dkg was right with --ask-cert-expire,
which prompts for an expiration date of the signature you're going to
perform.
Michael
--
---------------------------------------------------------------------
Michael Fladerer <fladerer at fnb.tu-darmstadt.de>
<fladerer at guug.de>
---------------------------------------------------------------------
GPG Key-ID: EE61F443
Key fingerprint: A56F FE73 5FCC 4FF1 2E72 360E ACE6 1874 EE61 F443
---------------------------------------------------------------------
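
Added example, not part of the original thread and not GnuPG code: a minimal reader for the hashed subpackets of a version 4 OpenPGP signature packet, showing that the Signature Expiration Time subpacket (RFC 4880 section 5.2.3.10) is the same field in both cases and that only the signature type octet separates a key signature (the "cert" options) from a data signature (the "sig" options). The function names and the sample packet bytes are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

SIG_CREATION, SIG_EXPIRATION = 2, 3  # subpacket types, RFC 4880 5.2.3.4 and 5.2.3.10

def classify(sig_type):
    """Map the signature type octet to the gpg option pair that covers it."""
    if sig_type in (0x00, 0x01):   # binary / canonical text document
        return "data signature (--default-sig-expire, --ask-sig-expire)"
    if 0x10 <= sig_type <= 0x13:   # certification of a User ID
        return "key signature (--default-cert-expire, --ask-cert-expire)"
    return "other"

def subpackets(area):
    """Yield (type, data) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:            # one-octet length
            length, i = first, i + 1
        elif first < 255:          # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                      # five-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]  # drop the critical bit
        i += length

def signature_expiry(body):
    """Return (kind, created, expires) for a version 4 signature packet body."""
    if len(body) < 6 or body[0] != 4:
        raise ValueError("not a version 4 signature packet")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    fields = dict(subpackets(body[6:6 + hashed_len]))
    created = datetime.fromtimestamp(
        struct.unpack(">I", fields[SIG_CREATION])[0], timezone.utc)
    # Expiration is stored as seconds after creation; absent or zero means never.
    lifetime = struct.unpack(">I", fields.get(SIG_EXPIRATION, bytes(4)))[0]
    expires = created + timedelta(seconds=lifetime) if lifetime else None
    return classify(body[1]), created, expires

def build_sample(sig_type, created, lifetime=None):
    """Constructed input: packet header and hashed subpackets only, no signature data."""
    hashed = bytes([5, SIG_CREATION]) + struct.pack(">I", created)
    if lifetime is not None:
        hashed += bytes([5, 0x80 | SIG_EXPIRATION]) + struct.pack(">I", lifetime)
    return bytes([4, sig_type, 1, 8]) + struct.pack(">H", len(hashed)) + hashed
```
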