Extending Expiration Date of an Already-Expired GPG Key

Robert L Cochran cochranb at speakeasy.net
Sun Feb 22 16:32:42 UTC 2009 

Todd Zullinger wrote:
>> There are some screwy things going on with gpg at the moment.
>> Yesterday I opened Robert's message and got a no-key, imported it,
>> and all seemed well.  This morning the same message shows 'bad
>> signature'.  Something wrong, or something not updated yesterday?  I
>> don't know.
>>     
>
> The signed message Robert sent earlier in this thread has a bad
> signature because something (most likely his mail client) word wrapped
> the message after gpg had signed it.  I saved the message, unwrapped
> the one long line and verified the signature.
>   

How do I fix this -- I'm using Thunderbird on Fedora 7 on my desktop
machine. However, I travel a fair amount and when I do, I tar up my
.thunderbird directory and scp it to my laptop, which is running Fedora
10. That lets me download and filter my email with the same mail client,
although different versions of it.

When I return home from my trip I then tar up the .thunderbird directory
on the laptop and scp it back to the desktop.

I wonder if this habit contributed to the word wrapping which then
locked up Anne's machine.

I suppose I had better do something about updating my desktop OS...and
do it soon.
> FWIW, the subkey on Robert's key is still expired.  This make
> encrypting to his key difficult.  In gpg, this is managed separately
> from the primary key.  And again, it's acceptable to extend the
> expiration date or generate a new encryption subkey.  In this case,
> generating a new key has less downsides, because you don't lose any
> signatures you have acquired on your key (since those signatures are
> on the primary key, not the subkey).
>
> $ gpg --list-options show-unusable-subkeys --list-sigs C2C60518
> pub   1024D/C2C60518 2008-01-19 [expires: 2010-02-21]
> uid                  Robert L. Cochran (Greenbelt) <cochranb at speakeasy.net>
> sig          31014A12 2008-02-14  [User ID not found]
> sig 3        C2C60518 2009-02-21  Robert L. Cochran (Greenbelt) <cochranb at speakeasy.net>
> sig 3        C2C60518 2008-01-19  Robert L. Cochran (Greenbelt) <cochranb at speakeasy.net>
> sig       X  CA57AD7C 2008-02-03  PGP Global Directory Verification Key
> sub   2048g/48FE9C94 2008-01-19 [expired: 2009-01-18]
> sig          C2C60518 2008-01-19  Robert L. Cochran (Greenbelt) <cochranb at speakeasy.net>
>
>   
What is an acceptable way to fix this? Is there a way to remove the PGP
Global Directory signature or update it but still keep the one from
31014A12 -- that's the signature of someone working for NASA who met me
and signed my key.

Thanks

Bob

More information about the fedora-list mailing list