signatures from revoked key, trusted?

Gabriel Philippe gabri.philippe at gmail.com
Fri Sep 2 11:13:09 CEST 2016


Hi,

A friend sends me signed messages wich signature is said correct by
GnuPG: "good signature from...".

I have just noticed I had signed his key with my old key, which is now
revoked in my keyring. So why does GnuPG consider the signature
correct? I would expect that, since I have revoked my old key, all
certifications done with this key should not be trusted anymore.

-- 
Gabriel



More information about the Gnupg-users mailing list