public key newer than the signature
Charly Avital
shavital at mac.com
Sun Aug 10 23:04:23 CEST 2008
Ludwig Hügelschäfer wrote the following on 8/10/08 1:27 PM:
> Ludwig Hügelschäfer wrote on 09.08.2008 13:14 Uhr:
>> Hello,
>
>> the last weeks, when importing public keys I sometimes get:
>
>> "Öffentlicher Schlüssel %s ist %lu Sekunden jünger als die Unterschrift"
>
>> in english:
>
>> "public key %s is %lu second newer than the signature"
>
>> The indicated time interval is very large. What's running wrong? I tried
>> googling, but found nothing useful. I'm using gpg 1.4.9 on Mac OS X.
>
> When a routinely trust-db check took place today, I got the message:
>
> Öffentlicher Schlüssel FAEBD5FC ist 32370053 Sekunden jünger als die
> Unterschrift
>
> I assume, FAEBD5FC is very well known and in a lot of keyrings. Can
> somebody check please? 32370053 seconds is 374,6533912037 days, 9 more
> than a year...
>
This is what I get:
$ gpg --recv-key FAEBD5FC
gpg: requesting key FAEBD5FC from hkp server keyserver.kjsl.com
gpg: key FAEBD5FC: public key "Philip R. Zimmermann <prz at pgp.com>" imported
gpg: key FAEBD5FC: public key "Philip R. Zimmermann <prz at acm.org>" imported
gpg: public key FAEBD5FC is 37319134 seconds newer than the signature
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0 valid: 30 signed: 123 trust: 0-, 0q, 0n, 0m, 0f, 30u
gpg: depth: 1 valid: 123 signed: 61 trust: 3-, 3q, 0n, 36m, 81f, 0u
gpg: depth: 2 valid: 45 signed: 96 trust: 1-, 1q, 2n, 25m, 16f, 0u
gpg: depth: 3 valid: 6 signed: 20 trust: 0-, 0q, 0n, 4m, 2f, 0u
gpg: depth: 4 valid: 3 signed: 4 trust: 0-, 0q, 0n, 1m, 2f, 0u
gpg: next trustdb check due at 2008-08-17
gpg: Total number processed: 2
gpg: imported: 2
Now with a different keyserver:
$ gpg --recv-key FAEBD5FC
gpg: requesting key FAEBD5FC from hkp server subkeys.pgp.net
gpg: key FAEBD5FC: "Philip R. Zimmermann <prz at pgp.com>" not changed
gpg: key FAEBD5FC: no user ID for key signature packet of class 10
gpg: key FAEBD5FC: no user ID for key signature packet of class 10
gpg: key FAEBD5FC: no user ID for signature
gpg: Total number processed: 2
gpg: unchanged: 1
Now another keyserver:
$ gpg --recv-key FAEBD5FC
gpg: requesting key FAEBD5FC from hkp server pgp.uni-mainz.de
gpg: key FAEBD5FC: "Philip R. Zimmermann <prz at pgp.com>" not changed
gpg: key FAEBD5FC: no user ID for key signature packet of class 10
gpg: key FAEBD5FC: no user ID for key signature packet of class 10
gpg: key FAEBD5FC: no user ID for signature
gpg: Total number processed: 2
gpg: unchanged: 1
gpg --edit-key FAEBD5FC
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub 1024D/FAEBD5FC created: 1998-06-13 expires: never usage: SCA
trust: undefined validity: unknown
sub 2048g/5481FA99 created: 2000-03-11 expires: never usage: E
[ unknown] (1). Philip R. Zimmermann <prz at pgp.com>
Command> check
uid Philip R. Zimmermann <prz at pgp.com>
sig! X 61D7341D 2003-09-07 Dave J. (Scoop0901)
<scoop0901 at scoop0901.net>
sig! FAEBD5FC 2000-03-11 [self-signature]
At every trustdb check, that key FAEBD5FC comes up with
'gpg: public key FAEBD5FC is 37319134 seconds newer than the signature'
Why?:
gpg: Total number processed: 2
gpg: unchanged: 1
Shouldn't it be: .....Total number processed: 1 (and not 2)?
"unchanged: 1" - At every download from a key server, *two* keys are
processed, and one of them has something new?
The primary key was created on 1998-06-13 never expires.
The encryption subkey was created 2000-03-11 never expires, and there is
a self signature dated 2000-03-11. Could that be a signature for the
modification of the subkey's expiration date?
And ...no user ID for signature... ?
I have no answers, only questions.
Charly
More information about the Gnupg-users
mailing list