gpg key expiration time

gpg key expiration time

[Paul Garlick]

[-- Attachment #1: Type: text/plain, Size: 393 bytes --]

Hi Guix,

After renewing the expiration time of one's gpg key, and uploading the
updated key to Savannah, is it also necessary to update the
corresponding file in the keyring branch?

I notice from the log that, so far, none of the original files have
been updated.  Does this mean that the original validation is accepted
for new commits signed with an updated key?

Best regards,

Paul.





[-- Attachment #2: Type: text/html, Size: 728 bytes --]

Re: gpg key expiration time

[Tobias Geerinckx-Rice]

[-- Attachment #1: Type: text/plain, Size: 925 bytes --]

Hi Paul!

Paul Garlick 写道：
> After renewing the expiration time of one's gpg key, and 
> uploading the
> updated key to Savannah, is it also necessary to update the
> corresponding file in the keyring branch?

No.

> I notice from the log that, so far, none of the original files 
> have
> been updated.  Does this mean that the original validation is 
> accepted
> for new commits signed with an updated key?

Yes.

The expiry date is not embedded in your cryptographic key, merely 
attached to it as a signed ‘packet’.

Of course, OpenPGP has a reputation to maintain as the most 
confusing software on earth, so all these packets are stored 
together with your cryptographic key(s) in a single file that 
everyone calls your... ‘key’.

Anyway: Guix ignores expiry dates by design.  It merely verifies 
that each commit was signed with an authorised key.

Kind regards,

T G-R

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]

Re: gpg key expiration time

[Paul Garlick]

Hi Tobias,

On Mon, 2021-03-15 at 18:24 +0100, Tobias Geerinckx-Rice wrote:

> The expiry date is not embedded in your cryptographic key, merely 
> attached to it as a signed ‘packet’.

Thanks. Got it!

Best regards,

Paul.