Best practice for periodic key change?

Ingo Klöcker kloecker at
Sat May 7 23:15:24 CEST 2011

On Saturday 07 May 2011, MFPA wrote:
> Hi
> On Friday 6 May 2011 at 10:18:29 PM, in
> <mid:BANLkTin2w8LJxYGHV3_5NpFbsiBhrP96XA at>, Jerome Baum
> wrote:
> >>> If my key expired yesterday, no-one can
> >>> forge a message with that key and claim it's from
> >>> today.
> >> 
> >> Never heard of a system clock that was wrong?
> > 
> > I'll give a summary reply here for everyone stating
> > it's still possible to make that signature. It's
> > possible if the master key is compromised. I was
> > assuming a sub-key with an expiration date.
> It is trivial to make that signature without compromising the master
> key.
> Suppose your master key is secure and offline but Mallory has control
> of your subkey that expired yesterday. Mallory can put their system
> clock back 24hrs to sign and send a message, and then truthfully
> claim the message was signed today. They can back up this claim with
> email headers and server logs demonstrating the clock discrepancy.

This explains why digital signatures with legally binding date often 
(always?) require a timestamp by a certified third party.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110507/03f29c1d/attachment-0001.pgp>

More information about the Gnupg-users mailing list