What causes this bad signature
Peter Lebbing
peter at digitalbrains.com
Wed Nov 18 19:33:14 CET 2015
On 18/11/15 16:59, david at gbenet.com wrote:
> 0x5E5CCCB4A4BF43D7 has expired - that's the only thing "bad" about it.
I could not reproduce this:
> $ gpg2 -k 2C53B2ED
> pub rsa2048/2C53B2ED 2015-08-21 [expired: 2015-08-28]
> uid [ expired] Test Teststra Jr. <testjr at example.com>
> $ gpg2 --check-sig DCDFDFA4
> gpg: 8 good signatures
> pub rsa1024/DCDFDFA4 2012-03-17 [expires: 2015-11-19]
> uid [ unknown] Test Teststra (Koning van Wezel) <test at example.invalid>
> sig!3 DCDFDFA4 2015-11-18 Test Teststra (Koning van Wezel) <test at example.invalid>
> sig! 2C53B2ED 2015-11-18 Test Teststra Jr. <testjr at example.com>
> uid [ unknown] Test Teststra <test at work.invalid>
> rev! DCDFDFA4 2014-08-14 Test Teststra (Koning van Wezel) <test at example.invalid>
> sig!3 DCDFDFA4 2014-08-13 Test Teststra (Koning van Wezel) <test at example.invalid>
> sig!3 DCDFDFA4 2015-11-18 Test Teststra (Koning van Wezel) <test at example.invalid>
> sig! 17C05EBD 2015-05-22 ceo at example.org
> sig! 2C53B2ED 2015-11-18 Test Teststra Jr. <testjr at example.com>
> sub rsa1024/77A3395A 2012-03-17
> sig! DCDFDFA4 2012-03-17 Test Teststra (Koning van Wezel) <test at example.invalid>
I have just now issued a signature on 0xDCDFDFA4 with 0x2C53B2ED. To do
that, I had to unexpire the latter, but I first made a backup of the
expired key. After putting the expired key back, the signature is still
shown as succesfully verified, not as bad.
So a signature by an expired key is not necessarily seen as a bad
signature. Either your explanation is incomplete or it is incorrect...
But thanks for looking into it! I never thought anything of the fact it
was expired; I probably never noticed?
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list