On Wed, 13 Aug 2008 05:31, [EMAIL PROTECTED] said: >> Note that in some instances, GnuPG will use an ISO date format as >> opposed to seconds-since-Epoch. > Is this for non-Unix-like systems or is it something completely different?
Well we use it for all parts of GnuPG-2 except for gpg. The reason for this are problems with time_t. On a 32 bit system time_t is usually also 32 bit and far worse it is a signed integer. That means that in January 2038 time_t will overflow and almost all applications will stop working because virtually no application (or better OS) can cope with the then negative value. According to ISO C, there is no need for time_t being signed but most OS implement it this way, probably to make error handling easier (some functions return (time_t)(-1) to indicate an error). OpenPGP also uses such an Epoch time but as an unsigned 32 bit value, thus it will last until 2106 (expire time even longer because it is expressed as seconds since key creation). gpg should cope correctly with dates beyond 2038 but it can't display them on most systems due to lack of support in the OS. The easiest way to solve the problems would be to change time_t on 32 bit systems to a 64 bit type. On GNU/Linux this could even be done without breaking old applications but the maintainer of glibc is not interested in such a change because he considers time_t the wrong type to track calendar dates. Given that already today some X.509 certificates have a expiration date after 2038 (yes, that is a stupid understanding of security) we could not easily use time_t. To have a general solution, we tried to implement a new time API (see Markus Kuhn's website for details). The problem with that is that this implementation should be portable to all systems. That turned out to be a major problem: Too many functions in libc make use of time_t and they are all interweaved (think only of strftime and printf) and thus it is really hard to replace them. We canceled that project and instead use a simple approach for gpgsm: The type we use for calendar time is typedef char gnupg_isotime_t[16]; which takes an ISO string like "20080813T081500". There are a few supporting functions because such a type can't be handled as easy as a scalar value. It turned out that this type is pretty easy to use and fulfills all requirements in certificate processing. Shalom-Salam, Werner -- Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users