Creating signatures with expiration time
David Shaw
dshaw at jabberwocky.com
Thu Apr 14 15:24:23 CEST 2011
On Apr 14, 2011, at 5:45 AM, Jesus Cea wrote:
> On 14/04/11 06:05, Daniel Kahn Gillmor wrote:
>> On 04/13/2011 10:43 PM, Jesus Cea wrote:
>>> My idea was to create a signature with a expiration date, so signatures
>>> should be renewed every year. The OpenPGP Standard documents this type
>>> of signature <http://tools.ietf.org/html/rfc4880#section-5.2.3.10>, but
>>> GPG doesn't seems to have the option to create them.
>>
>> Look in the man pages for --default-cert-expire and --ask-cert-expire.
>>
>> If these do what you want, you can also set them in ~/.gnupg/gpg.conf so
>> that you don't have to supply them on the command line every time.
>
> Thanks, Daniel. Looking the manual, I see "--default-sig-expire" and
> "--ask-sig-expire" too. What is the difference with "cert"?.
"cert" is short for certification. "sig" is short for signature. Basically, cert applies when signing keys, and sig applies when signing data (i.e. anything that isn't a key).
David
More information about the Gnupg-users
mailing list