[Pkg-gnupg-maint] Bug#489225: gnupg says KEYEXPIRED even when only other subkeys are expired

Werner Koch wk at gnupg.org
Sat Jul 5 15:45:26 UTC 2008


On Fri,  4 Jul 2008 14:53, weasel at debian.org said:

> When I have a signature made by an expired key, will I get {GOODSIG,EXPKEYSIG},
> or {BADSIG,EXPKEYSIG}?

Only one of them:

    if( !rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE ) {
	KBNODE un, keyblock;
	int count=0, statno;
        char keyid_str[50];
	PKT_public_key *pk=NULL;

	if(rc)
	  statno=STATUS_BADSIG;
	else if(sig->flags.expired)
	  statno=STATUS_EXPSIG;
	else if(is_expkey)
	  statno=STATUS_EXPKEYSIG;
	else if(is_revkey)
	  statno=STATUS_REVKEYSIG;
	else
	  statno=STATUS_GOODSIG;

in addition you will get a VALIDSIG line if the signature is good.  Thus
you see {EXPKEYSIG,VALIDSIG} for a valid signature done with an expired
key.



Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
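
Added example, not part of the message above and not GnuPG code: a consumer of `--status-fd` output that relies on the single per-signature keyword described in the reply and ignores `KEYEXPIRED`, which the bug title notes can appear when only other subkeys are expired. The function name, the accept policy and all sample lines are constructed assumptions, and the input is assumed to cover one signature.

```python
PREFIX = "[GNUPG:] "
# The five keywords the quoted code picks between; one is emitted per signature.
PRIMARY = {"GOODSIG", "BADSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def classify(status_text):
    """Return (keyword, accept, fingerprint) for status output covering one signature."""
    primary, fingerprint = [], None
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue  # not a status line; never match keywords in free text
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        if fields[0] in PRIMARY:
            primary.append(fields[0])
        elif fields[0] == "VALIDSIG" and len(fields) > 1:
            fingerprint = fields[1]
        # KEYEXPIRED and every other keyword is informational here and ignored.
    if len(primary) != 1:
        return ("INDETERMINATE", False, None)  # no verdict, or more than one
    keyword = primary[0]
    # Assumed policy: accept only GOODSIG that is backed by a VALIDSIG line.
    accept = keyword == "GOODSIG" and fingerprint is not None
    return (keyword, accept, fingerprint)

# Constructed sample status output (key ids, names and timestamps are made up).
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
VALID = f"[GNUPG:] VALIDSIG {FPR} 2008-07-04 1215183180 0 4 0 17 2 00 {FPR}\n"
SIGNER = "89ABCDEF01234567 Example Signer <signer@example.org>\n"
GOOD_WITH_EXPIRED_SUBKEY = (
    "[GNUPG:] KEYEXPIRED 1199145600\n"   # refers to some other subkey
    "[GNUPG:] GOODSIG " + SIGNER + VALID)
EXPIRED_KEY = (
    "[GNUPG:] KEYEXPIRED 1199145600\n"
    "[GNUPG:] EXPKEYSIG " + SIGNER + VALID)
BAD = "[GNUPG:] BADSIG " + SIGNER

if __name__ == "__main__":
    for name, sample in (("good, other subkey expired", GOOD_WITH_EXPIRED_SUBKEY),
                         ("signing key expired", EXPIRED_KEY),
                         ("bad signature", BAD)):
        print(name, "->", classify(sample))
```

The first two samples both contain `KEYEXPIRED` and `VALIDSIG`; only the per-signature keyword tells them apart.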





