encrypting to expired certificates

vedaal at nym.hush.com vedaal at nym.hush.com
Tue Sep 16 21:30:53 CEST 2014


On 9/16/2014 at 2:56 PM, "Hauke Laging" <mailinglisten at hauke-laging.de> wrote:

>What I want would make life easier mostly for the contacts of 
>those who 
>don't manage their keys well.

=====

Which is especially reasonable,
since it seems that the option of '--faked-system-time' (which used to work on earlier versions of GnuPG 2.x),
but doesn't work on current versions of 2.x, and never worked on 1.x, now make it especially cumbersome to encrypt to an expired key, 
(by requiring changing the system clock and changing it back again).

As the '--faked-system-time' option is interesting,  maybe re-implementing it in both 2.x and 1.x might be an easy workaround in those cases where a user has forgotten to update an expired key.

With regard to the resulting sign and encrypt problem, a simple workaround would be to clearsign first, and the encrypt the clearsigned mesage with the  '--faked-system-time' option .


vedaal




More information about the Gnupg-users mailing list