What causes this bad signature

Peter Lebbing peter at digitalbrains.com
Wed Nov 18 19:33:14 CET 2015


On 18/11/15 16:59, david at gbenet.com wrote:
> 0x5E5CCCB4A4BF43D7 has expired - that's the only thing "bad" about it.

I could not reproduce this:

> $ gpg2 -k 2C53B2ED
> pub   rsa2048/2C53B2ED 2015-08-21 [expired: 2015-08-28]
> uid         [ expired] Test Teststra Jr. <testjr at example.com>

> $ gpg2 --check-sig DCDFDFA4
> gpg: 8 good signatures
> pub   rsa1024/DCDFDFA4 2012-03-17 [expires: 2015-11-19]
> uid         [ unknown] Test Teststra (Koning van Wezel) <test at example.invalid>
> sig!3        DCDFDFA4 2015-11-18  Test Teststra (Koning van Wezel) <test at example.invalid>
> sig!         2C53B2ED 2015-11-18  Test Teststra Jr. <testjr at example.com>
> uid         [ unknown] Test Teststra <test at work.invalid>
> rev!         DCDFDFA4 2014-08-14  Test Teststra (Koning van Wezel) <test at example.invalid>
> sig!3        DCDFDFA4 2014-08-13  Test Teststra (Koning van Wezel) <test at example.invalid>
> sig!3        DCDFDFA4 2015-11-18  Test Teststra (Koning van Wezel) <test at example.invalid>
> sig!         17C05EBD 2015-05-22  ceo at example.org
> sig!         2C53B2ED 2015-11-18  Test Teststra Jr. <testjr at example.com>
> sub   rsa1024/77A3395A 2012-03-17
> sig!         DCDFDFA4 2012-03-17  Test Teststra (Koning van Wezel) <test at example.invalid>

I have just now issued a signature on 0xDCDFDFA4 with 0x2C53B2ED. To do
that, I had to unexpire the latter, but I first made a backup of the
expired key. After putting the expired key back, the signature is still
shown as succesfully verified, not as bad.

So a signature by an expired key is not necessarily seen as a bad
signature. Either your explanation is incomplete or it is incorrect...

But thanks for looking into it! I never thought anything of the fact it
was expired; I probably never noticed?

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list