On 26 Feb 2024, at 17:42, Jan Girlich <[email protected]> wrote: > > On Mon, 2024-02-26 at 17:14 +0000, Andrew Gallagher wrote: >> On 26 Feb 2024, at 14:29, Jan Girlich <[email protected]> >> wrote: >>> >>> How is the timestamp '-62135596800' to be interpreted? >> >> It would normally be interpreted as “seconds before the epoch”, but >> in this particular case the key is unparseable, so the number is >> meaningless. Keys can be unparseable for many reasons, but the most >> common one is the use of an obsolete primary key algorithm, such as >> RSA512 or Elgamal encrypt-and-sign. > > thanks for this explanation. I know that this key worked fine from the > same keyserver before.
This was most likely before it was migrated from sks-keyserver to hockeypuck, about three(?) years ago. > Should I be worried about the integrity of the > web of trust with regard to corrupted keys? Or could it be that since > this key has been revoked that the keyserver is giving nonsensical > responses on purpose? So, for a bit of context, epoch minus 62135596800 is 1 Jan 0001. This is the default “zero time” in golang, meaning that any uninitialised timestamp variable will return this value. The expiry time for this key is uninitialised because there are no valid self-signatures over this key, which in turn is because it is an RSA1024 key, which is no longer supported by go-crypto/openpgp and therefore its signatures are unparseable by hockeypuck. In a sense, it is “not even revoked”. Any WoT certifications made by this key are no longer cryptographically sound and should not be relied upon. A
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Gnupg-devel mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-devel
