[pkg-gnupg-maint] Bug#829366: Bug#829366: doesn't allow for creation of keys with 90-year expiry

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Jul 3 13:35:18 UTC 2016

On Sat 2016-07-02 15:43:54 -0400, Luke Faraone wrote:
> Creating a key that expires in 89 years correctly sets an expiry of 2105, but
> attempting to set an expiry of 90 years or greater results in an expirty date
> that wraps around to 1970.
> Curiously, the time on such wrapped-around expiries is always 13:09:41.

Right, the underlying OpenPGP specification doesn't permit this because
of its use of 32-bits unsigned seconds-since-the-unix epoch:


Setting aside the advisiability of a 90-year expiration date (it is
*not* advisable), i'm wondering how you'd like to proceed with this bug
report.  If GnuPG gave an error when asked to set timestamps outside of
its representable range, would that be sufficient to close this bug?

Otherwise, this can only be resolved with an update to the OpenPGP
specification, and GnuPG adopting that future spec.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20160703/8916428a/attachment.sig>

More information about the pkg-gnupg-maint mailing list