Problem with faked-system-time option

MFPA expires2011 at
Sun Jun 12 15:23:19 CEST 2011

Hash: SHA512


On Wednesday 8 June 2011 at 4:36:52 PM, in
<mid:20110608153652.4F1508C074 at>, Amano Corunga wrote:

>>The batch key generation and that parameter is
>>supported by all versions.

> I gladly confirm it really works - Great!  GPG1 key
> creation problem solved.

It would be really good if this could be used to create multiple
subkeys, and when adding UIDs, subkeys, signatures, etc. to existing

> But is there an equivalent for determining signature
> timestamps?

That would be an interesting feature. It is already available to
anybody who can change their system clock time (or use an app to pass
a fake time to gnupg).

> It's fair to say that GnuPG is one of the most
> important privacy tools out there.  It protects data
> from unauthorized access, with 'throw-keyids' the
> recipient's identity is hidden, but why in the world do
> I involuntarily have to allow others to gain sensitive
> information about my time management with each mail I
> sign?  I don't quite understand why that's of minor
> importance to others.

Some people labour under the misapprehension that the signature time
is significant and has potential legal implications.

> If OTOH you're aiming at a signature with a trusted
> timestamp in no way whatsoever the local computer's
> system clock can replace a validated time stamp service.

Unless the emails are sent via some form of "trusted" timestamp
service, signature timestamp means nothing. And even then, what gets
verified is the time/date of sending and *not* the time/date of

> So why not allow
> everybody to specify signatures' timestamps directly
> instead of making that option accessible only to those
> who are permitted to change their Windows computer's
> system time (thanks Daniel for your Linux advice) and
> tolerant against all the adverse side effects arising
> from that manipulation?

And why not allow the user to adjust the granularity of the timestamp?
For example specifying the date but no time, or simply indicating the
year and month?

- --
Best regards

MFPA                    mailto:expires2011 at

Change is inevitable except from a vending machine


More information about the Gnupg-users mailing list