Why is "--allow-non-selfsigned-uid" needed to import this key?
Robert J. Hansen
rjh at sixdemonbag.org
Mon May 16 20:50:19 CEST 2011
On Mon, 16 May 2011 11:32:15 -0600, Steve Strobel
<steve.strobel at link-comm.com> wrote:
> root:~> gpg --import test-key.gpg
> gpg: key CBF38289 was created 137948617 seconds in the future
> (time warp or clock problem)
This is exactly what it sounds like: according to your certificate, it was
created about five and a half months from now.[1] To GnuPG, that sounds
like something's hinky and it refuses to allow it to be imported. You've
managed to get around it by telling GnuPG, "listen, fine, strip off the
hinky signature: /now/ will you accept it?"
And in that case, sure, GnuPG will: but the consequence of it is you've
got a UID that's missing a signature. Hence, "allow-nonselfsigned-uid"
must be passed on the command line.
[1] As an undergraduate Prof. Hill once mused to me, "Math is funny. You
tell someone how many seconds are in a year, they forget it immediately.
You tell them that accurate to half a percent there are pi seconds in a
nanocentury and they remember it for life." He was right, I've never
forgotten, and that's made it easy to remember there are 31.4 million (3.14
* 10**7) seconds in a year. 13.8 million / 31.4 million = 137/314 = 0.44
of a year, * 12 = five and a half months, more or less. Not really
relevant to GnuPG, but a handy factoid for timestamp calculations, if you
ever need to do them in a hurry.
More information about the Gnupg-users
mailing list