
Re: signing gpg key with old key ...



on Thu, Nov 09, 2000 at 09:35:56AM -0600, Jorgensen, Jens (jens.jorgensen@tallan.com) wrote:
> Adam Shand wrote:
> 
> > > how do i sign my new public key with my old private key?
> >
> > okay sorry to follow up my own message but i just figured it out.
> > sometimes it seems that i have to write down (or explain it to someone
> > else) in order to figure it out.
> >
> > if you need to do this it seems impossible from within the --edit-key
> > menu you need to do it on the command line like this:
> >
> > # gpg -u old-key-id --sign-key new-key-id
> >
> > so now my next question is.  my old key id is expired but i've used it to
> > sign my new key.  i don't want people to use my old key.
> >
> > should i revoke my old key or will that illegitimize its signature on my
> > new key?
> >
> > should i move the expire date on my old key (and update the keys server)?
> > if i do that how do i stop people from using it?

> The tools people use for sending you stuff should tell them that the
> key is expired. That should encourage them not to use it. If you
> revoke your old key that certainly invalidates the signature.
> Technically you can't change the expire date. I mean there's nothing
> to stop the software from changing the date and regenerating the
> signature but the server *should* recognize this and reject such a
> change since the old signature includes the expiration date.

My understanding is that you *can* change the expiration date, though
typically you wouldn't do so after the key had expired.  The change can
be propagated through public keyservers.

Question for the gallery:  Is there a good method for checking a local
keyring against a public keyserver to find updates and/or additional
signatures?  The best I can do right now is list the key IDs I've got
and do a 'gpg --recv-keys' to update this list.

-- 
Karsten M. Self <kmself@ix.netcom.com>     http://www.netcom.com/~kmself
 Evangelist, Zelerate, Inc.                      http://www.zelerate.org
  What part of "Gestalt" don't you understand?      There is no K5 cabal
   http://gestalt-system.sourceforge.net/        http://www.kuro5hin.org

Attachment: pgp9wrdSNM_hc.pgp
Description: PGP signature
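
The manual approach described in the message above (list the local key IDs, then pass them to `gpg --recv-keys`), written out as a script. This is an added example, not part of the original post; the function names and the sample listing are constructed for illustration, and the optional keyserver argument is an assumption about how you would want to call it.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
SAMPLE_LISTING='tru::1:973785356:0:3:1:5
pub:u:1024:17:1111111111111111:2000-11-01:::u:New Key <new@example.org>::scESC:
sub:u:2048:16:2222222222222222:2000-11-01::::::e:
pub:e:1024:17:3333333333333333:1999-01-01:2000-01-01::-:Old Key <old@example.org>::sc:
uid:-::::::::Old Key (alt) <old2@example.org>:
pub:f:1024:17:1111111111111111:2000-11-01:::-:Duplicate record::scESC:'

# Read a colon-format key listing on stdin and print one primary key ID per
# line. Field 1 is the record type and field 5 the key ID. Subkeys and user
# IDs are skipped and duplicates are dropped. Expired keys (validity "e" in
# field 2) stay in the list on purpose: a changed expiration date only shows
# up locally after the key is fetched again.
keyring_ids() {
    awk -F: '$1 == "pub" && $5 ~ /^[0-9A-Fa-f]+$/ && !seen[$5]++ { print $5 }'
}

# Fetch every key in the local keyring from a keyserver again, which merges
# in new signatures, user IDs, revocations and expiration changes.
# $1 (optional, hypothetical parameter): keyserver to use instead of the
# one configured in the gpg options file.
refresh_keyring() {
    ids=$(gpg --list-keys --with-colons | keyring_ids)
    [ -n "$ids" ] || return 0
    # $ids is left unquoted so that each key ID becomes its own argument.
    gpg ${1:+--keyserver "$1"} --recv-keys $ids
}

# Demonstration on the constructed listing; gpg itself is not invoked here.
printf '%s\n' "$SAMPLE_LISTING" | keyring_ids
```

Call `refresh_keyring` with no argument to use the configured keyserver. Current GnuPG releases also provide `--refresh-keys`, which performs the same update in one command.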

