Re: Extending Expiration Date of an Already-Expired GPG Key

[Todd Zullinger <tmz@xxxxxxxxx>]

Anne Wilson wrote:
> On Sunday 22 February 2009 08:16:04 Ed Greshko wrote:
>> That info came from the OpenPGP key management gui....
>>
>> [egreshko@misty Jia-Ying]$ gpg --list-sigs cochranb@xxxxxxxxxxxxx
>> pub   1024D/C2C60518 2008-01-19 [expires: 2010-02-21]
>> uid                  Robert L. Cochran (Greenbelt) <cochranb@xxxxxxxxxxxxx>
>> sig          31014A12 2008-02-14  [User ID not found]
>> sig 3        C2C60518 2009-02-21  Robert L. Cochran (Greenbelt)
>> <cochranb@xxxxxxxxxxxxx>
>> sig 3        C2C60518 2008-01-19  Robert L. Cochran (Greenbelt)
>> <cochranb@xxxxxxxxxxxxx>
>> sig       X  CA57AD7C 2008-02-03  [User ID not found]
>
> C2C60518 gives the 2010 expiry date, as it says above.  However,
> CA57AD7C shows on mine as expiring on 18/01/09.  I wonder why that
> is, and whether that is the cause of the problem?

CA57AD7C is the keyid of the PGP Global Directory Verification Key.
It always generates signatures that expire in a few weeks.

> There are some screwy things going on with gpg at the moment.
> Yesterday I opened Robert's message and got a no-key, imported it,
> and all seemed well.  This morning the same message shows 'bad
> signature'.  Something wrong, or something not updated yesterday?  I
> don't know.

The signed message Robert sent earlier in this thread has a bad
signature because something (most likely his mail client) word wrapped
the message after gpg had signed it.  I saved the message, unwrapped
the one long line and verified the signature.

FWIW, the subkey on Robert's key is still expired.  This make
encrypting to his key difficult.  In gpg, this is managed separately
from the primary key.  And again, it's acceptable to extend the
expiration date or generate a new encryption subkey.  In this case,
generating a new key has less downsides, because you don't lose any
signatures you have acquired on your key (since those signatures are
on the primary key, not the subkey).

$ gpg --list-options show-unusable-subkeys --list-sigs C2C60518
pub   1024D/C2C60518 2008-01-19 [expires: 2010-02-21]
uid                  Robert L. Cochran (Greenbelt) <cochranb@xxxxxxxxxxxxx>
sig          31014A12 2008-02-14  [User ID not found]
sig 3        C2C60518 2009-02-21  Robert L. Cochran (Greenbelt) <cochranb@xxxxxxxxxxxxx>
sig 3        C2C60518 2008-01-19  Robert L. Cochran (Greenbelt) <cochranb@xxxxxxxxxxxxx>
sig       X  CA57AD7C 2008-02-03  PGP Global Directory Verification Key
sub   2048g/48FE9C94 2008-01-19 [expired: 2009-01-18]
sig          C2C60518 2008-01-19  Robert L. Cochran (Greenbelt) <cochranb@xxxxxxxxxxxxx>

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The trouble with being punctual is that nobody's there to appreciate it.
    -- Franklin P. Jones

Attachment: pgp8SjTmeEGwu.pgp
Description: PGP signature

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines