On 16/06/17 08:17, listo factor via Gnupg-users wrote:
>> An expired key will definitely not be able to issue valid
>> signatures after the expiration date.
>
> There is nothing ~in the key itself~ that prevents any key from
> being used to create signatures

There is nothing ~in the key itself~ that makes a signature /valid/ or not. It's either correct or incorrect, but I distinctly said /valid/. The OpenPGP-compatible software that checks the signature is what decides whether the signature is valid or not, and a signature carrying a timestamp later than the expiry date of the key will not be considered valid.

> some arbitrary external information (computer system date)

I was talking about timestamps included in the key (expiry date) and signature (signature creation time), not about the system time of the system doing verification. On the other hand, stuff appearing to be from the future is usually rejected outright, so the system time is somewhat involved.

> The key expiration date should therefore be considered only a
> ~suggestion~, and not a ~limitation~ for creating or not creating
> signatures.

It's true it's not a limitation on creating signatures. But the interesting bit isn't the creation of signatures. It's verifying the validity of signatures, which is very much /limited/ by other factors than just the raw key material, not merely suggested.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
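The distinction the message above draws between a signature that is correct and one a verifier accepts, as an added example that is not part of the original post and is not GnuPG's code: a simplified model of the two timestamp comparisons the message describes. The names `Verdict`, `KeyInfo`, `judge` and `utc` and all dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional


class Verdict(Enum):
    INCORRECT = "signature does not verify against key and data"
    FROM_FUTURE = "signature timestamp is ahead of the verifier's clock"
    AFTER_KEY_EXPIRY = "signature timestamp is later than the key's expiry"
    TIME_CHECKS_PASS = "correct, and both timestamp checks pass"


@dataclass(frozen=True)
class KeyInfo:
    created: datetime
    valid_for: Optional[timedelta]  # None means the key carries no expiry

    @property
    def expires(self) -> Optional[datetime]:
        return None if self.valid_for is None else self.created + self.valid_for


def judge(correct: bool, key: KeyInfo, sig_created: datetime,
          now: datetime) -> Verdict:
    """Hypothetical verifier policy; `correct` is the raw cryptographic result."""
    if not correct:
        return Verdict.INCORRECT
    # The only place the verifier's own clock is involved.
    if sig_created > now:
        return Verdict.FROM_FUTURE
    # Compares two timestamps carried in the data, not the system time.
    if key.expires is not None and sig_created > key.expires:
        return Verdict.AFTER_KEY_EXPIRY
    return Verdict.TIME_CHECKS_PASS


def utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample: a key created 2016-01-01 that expires 2017-01-01.
KEY = KeyInfo(created=utc(2016, 1, 1), valid_for=utc(2017, 1, 1) - utc(2016, 1, 1))
NOW = utc(2017, 6, 16)

if __name__ == "__main__":
    for sig_time in (utc(2016, 6, 1), utc(2017, 3, 1), utc(2018, 1, 1)):
        print(sig_time.date(), "->", judge(True, KEY, sig_time, NOW).name)
```

The key material and the `correct` flag are identical in all three sample runs; only the signature timestamp changes the verdict.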