Revoked keys and past signatures

Hugo Osvaldo Barrera hugo at barrera.io
Sun Feb 8 20:06:52 CET 2015


I revoked my gpg key yesterday because it was superceded by a newer one.

Now recepients of my messages during the last few years are getting a warning
that the key is invalid - even though it was perfectly valid the date the
messages were signed:

  gpg: Signature made 2015-02-05T19:28:21 ART using RSA key ID 1BFBED44
  gpg: Good signature from "Hugo Osvaldo Barrera <hugo at barrera.io>" [unknown]
  gpg: WARNING: This key has been revoked by its owner!
  gpg:          This could mean that the signature is forged.
  gpg: reason for revocation: Key is superseded
  gpg: revocation comment: Superseded by 0x28C61189.
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: AA73 5C33 E081 E0D2 C945  5B12 873C F207 1BFB ED44

Did I do something wrong? Isn't the revokation date compared to the signature
date?

Does this mean that if someone revokes their key today, *all past* signatures
become invalid?

-- 
Hugo Osvaldo Barrera
A: Because we read from top to bottom, left to right.
Q: Why should I start my reply below the quoted text?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: </pipermail/attachments/20150208/4bfe64bc/attachment.sig>


More information about the Gnupg-users mailing list