
Re: signing gpg key with old key ...



The tools people use for sending you stuff should tell them that the key is expired. That should encourage them not to use it. If you revoke your old key that certainly invalidates the signature. Technically you can't change the expire date. I mean there's nothing to stop the software from changing the date and regenerating the signature but the server *should* recognize this and reject such a change since the old signature includes the expiration date.

Adam Shand wrote:

> > how do i sign my new public key with my old private key?
>
> okay sorry to follow up my own message but i just figured it out.
> sometimes it seems that i have to write down (or explain it to someone
> else) in order to figure it out.
>
> if you need to do this it seems impossible from within the --edit-key
> menu; you need to do it on the command line like this:
>
> # gpg -u old-key-id --sign-key new-key-id
>
> so now my next question is.  my old key id is expired but i've used it to
> sign my new key.  i don't want people to use my old key.
>
> should i revoke my old key or will that illegitimize its signature on my
> new key?
>
> should i move the expire date on my old key (and update the keys server)?
> if i do that how do i stop people from using it?
>
> thanks,
> adam.

--
Jens B. Jorgensen
jens.jorgensen@tallan.com
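
The reply above notes that the key's signature includes the expiration date. As an added example (not part of the original thread), this sketch parses the two subpacket areas of an OpenPGP version 4 signature packet body, using the RFC 4880 layout, and reports the key expiration only when it sits in the hashed area, the part the signature actually covers. The function names and sample bytes are constructed for illustration.

```python
SIG_CREATION_TIME, KEY_EXPIRATION_TIME, ISSUER_KEY_ID = 2, 9, 16  # RFC 4880 5.2.3.1

def parse_subpackets(area):
    """Split one subpacket area into (type, critical, data) tuples."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            length, i = ((first - 192) << 8) + int.from_bytes(area[i + 1:i + 2], "big") + 192, i + 2
        else:                                # 0xFF, then a four-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        # The length counts the type octet; the type's high bit is the critical flag.
        out.append((area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]))
        i += length
    return out

def split_areas(body):
    """Return (hashed, unhashed) subpacket lists of a v4 signature body."""
    if len(body) < 6 or body[0] != 4:
        raise ValueError("not a version 4 signature packet body")
    h_end = 6 + int.from_bytes(body[4:6], "big")
    u_end = h_end + 2 + int.from_bytes(body[h_end:h_end + 2], "big")
    if h_end + 2 > len(body) or u_end > len(body):
        raise ValueError("truncated subpacket area")
    return (parse_subpackets(body[6:h_end]),
            parse_subpackets(body[h_end + 2:u_end]))

def signed_key_expiry(body):
    """Key lifetime in seconds if the signature covers it, else None."""
    hashed, _unhashed = split_areas(body)
    for kind, _critical, data in hashed:
        if kind == KEY_EXPIRATION_TIME and len(data) == 4:
            return int.from_bytes(data, "big")
    return None

def build(hashed, unhashed):
    """Constructed sample body: type 0x13, RSA, SHA-1, MPIs omitted."""
    return (bytes([4, 0x13, 1, 2]) + len(hashed).to_bytes(2, "big") + hashed
            + len(unhashed).to_bytes(2, "big") + unhashed + b"\x00\x00")

CREATED = bytes([5, SIG_CREATION_TIME]) + (946684800).to_bytes(4, "big")
EXPIRY = bytes([5, KEY_EXPIRATION_TIME]) + (31536000).to_bytes(4, "big")
ISSUER = bytes([9, ISSUER_KEY_ID]) + bytes(8)
SAMPLE = build(CREATED + EXPIRY, ISSUER)     # expiry inside the signed area
MOVED = build(CREATED, EXPIRY + ISSUER)      # expiry outside it: ignored
```

The expiration value is stored as seconds after the key's creation time, so `signed_key_expiry(SAMPLE)` is a lifetime, not a calendar date.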