[OpenPGP] Problems with SignatureExpirationTime

Felix Schad
Hello Folks,

I'm currently in trouble with understanding the meaning of the
My intent is to generate a signature that is only valid for a certain time
-- and that's what the SignatureExpirationTime is thought for, as far as I
got the point about it.
But I ran into a few questions about it:
1) After (successful) signing of a document a valid ExpirationSubpacket can
be found in the SignaturePacket. After sending it over a channel and
retrieving it, this packet is only retrieved as a common Subpacket (the
id-flag has been set to 0 instead of 3). This doesn't occur when I'm adding
the SubpacketVector unhashed; afterwards it gets decoded as it should be.

2) How is the expirationTime handled when calling the verify()-Method? If it
has expired then verification should fail -- shouldn't it? But this isn't
what I've seen so far...but this is the feature I must be able to rely upon.
So...how is it done correctly?

3) expirationTime is the offsetTime counted from the signature's
creationTime on. How about its validity when the signature is checked for
on two different systems with system clocks that don't match? Or doesn't
this count.....

4) Where can I find more info about this in general? The RFC about OpenPGP
isn't very explanatory.....

Lots of thanks in advance....
Felix Schad
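
An added example, not part of the original post and not any library's own code: it parses an RFC 4880 signature subpacket area, reads the creation time (type 2) and the expiration time (type 3, an offset from creation), and applies the expiry check separately from the cryptographic verification. The function names, the `skew` tolerance and the sample bytes are assumptions made for illustration.

```python
import struct

SIG_CREATION_TIME = 2    # RFC 4880: 4-octet Unix timestamp
SIG_EXPIRATION_TIME = 3  # RFC 4880: 4-octet seconds after creation time

def parse_subpackets(area: bytes) -> dict:
    """Return {type: (critical_flag, body)} for one subpacket area."""
    out, i = {}, 0
    while i < len(area):
        first = area[i]
        if first < 192:                                  # one-octet length
            length, i = first, i + 1
        elif first < 255 and i + 2 <= len(area):         # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        elif first == 255 and i + 5 <= len(area):        # five-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        else:
            raise ValueError("truncated subpacket length")
        if length < 1 or i + length > len(area):
            raise ValueError("malformed subpacket")
        type_octet = area[i]                             # length counts this octet
        out[type_octet & 0x7F] = (bool(type_octet & 0x80), area[i + 1:i + length])
        i += length
    return out

def _u32(body: bytes) -> int:
    if len(body) != 4:
        raise ValueError("time subpacket must be 4 octets")
    return struct.unpack(">I", body)[0]

def signature_expired(hashed_area: bytes, now: int, skew: int = 300) -> bool:
    """Expiry check on the hashed area only; the unhashed area is not signed.
    `skew` (seconds of tolerated clock drift) is an assumed local policy."""
    sub = parse_subpackets(hashed_area)
    if SIG_CREATION_TIME not in sub:
        raise ValueError("no creation time in hashed area")
    created = _u32(sub[SIG_CREATION_TIME][1])
    if created > now + skew:
        raise ValueError("creation time lies in the future")
    if SIG_EXPIRATION_TIME not in sub:
        return False                                     # absent: never expires
    lifetime = _u32(sub[SIG_EXPIRATION_TIME][1])
    return lifetime != 0 and now > created + lifetime + skew   # zero: never expires

# Constructed sample: created 1000000000, critical expiration subpacket of 3600 s.
SAMPLE = bytes([5, 2]) + struct.pack(">I", 1_000_000_000) \
       + bytes([5, 0x83]) + struct.pack(">I", 3600)

if __name__ == "__main__":
    for t in (1_000_001_800, 1_000_003_901):
        print(t, "expired" if signature_expired(SAMPLE, t) else "valid")
```
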
