Mailing List Archive

WKD: how to remove expired key verification
Hello,

a key contains an old, expired verification.

If searching this key by WKD, it shows:

$ gpg --locate-key xy@xyxy.de
pub rsa2048 2013-10-21 [SCEA] [verfallen: 2019-03-26]
6EB139DA63B4D15xyxyB970F435Fxy3FB0Dxyxy
uid [ verfallen ] Pre Name <xy@xyxy.de>

Valid keys included are not shown.

How to fix this, how to deactivate/ remove expired verification?

Kleopatra screenshot attached too => Key 7217... must be removed.

Thanks for help, best regards!
Re: WKD: how to remove expired key verification [ In reply to ]
On Dienstag, 3. August 2021 11:02:35 CEST gnupgpacker wrote:
> Hello,
>
> a key contains an old, expired verification.
>
> If searching this key by WKD, it shows:
>
> $ gpg --locate-key xy@xyxy.de
> pub rsa2048 2013-10-21 [SCEA] [verfallen: 2019-03-26]
> 6EB139DA63B4D15xyxyB970F435Fxy3FB0Dxyxy
> uid [ verfallen ] Pre Name <xy@xyxy.de>
>
> Valid keys included are not shown.

If I run this I get a "Connection refused" error:

$ gpg -v --locate-key xy@xyxy.de
gpg: using pgp trust model
gpg: error retrieving 'xy@xyxy.de' via Local: No public key
gpg: error retrieving 'xy@xyxy.de' via WKD: Connection refused
gpg: error reading key: Connection refused

> How to fix this, how to deactivate/ remove expired verification?

You may have to fix the "Connection refused" error unless connections from
your computer are not refused. In any case, requesting more verbose output
will help diagnose the problem, i.e. run
$ gpg -v --locate-key xy@xyxy.de

Moreover, you can add
--auto-key-locate "clear,wkd,nodefault"
to make --locate-key ignore the local storage and try WKD only.

Regards,
Ingo
WKD: how to remove expired key verification [ In reply to ]
Hello
and thanks for this hints.

If using:
$ gpg -v --auto-key-locate clear,wkd,nodefault --locate-key xy at xyxy.de
gpg: verwende Vertrauensmodell pgp
gpg: pub rsa4096/F507E7850xxxxxxC 2015-01-05 Vorname Name <xy at xyxy.de>
gpg: Schlüssel F507E785xxxxxxC: "Vorname Name <xy at xyxy.de>" nicht geändert
gpg: pub rsa2048/435F423FxxxxxxD4 2013-10-21 Vorname Name <xy at xyxy.de>
gpg: Hinweis: Signaturschlüssel 435F423FxxxxxxD4 ist am 26.03.2019 12:00:00 Mitteleurop?ische Zeit verfallen
gpg: Schlüssel 435F423FxxxxxxD4: "Vorname Name <xy at xyxy.de>" nicht geändert
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 2
gpg: unverändert: 2
gpg: auto-key-locate found fingerprint DDC9F7A53xxxxxxxxDAAD53F507E785xxxxxxC
gpg: `xy at xyxy.de' automatisch via WKD geholt
pub rsa4096 2015-01-05 [C] [verfällt: 2021-12-31]
DDC9F7A53xxxxxxxxDAAD53F507E785xxxxxxC
uid [ ultimativ ] Vorname Name <xy at xyxy.de>
sub rsa4096 2015-01-05 [A] [verfällt: 2021-12-31]
sub rsa4096 2015-01-05 [S] [verfällt: 2021-12-31]
sub rsa4096 2015-01-05 [E] [verfällt: 2021-12-31]


Signaturschlüssel 435F423FxxxxxxD4 has been expired on 26.03.2019, but is still attached to published and still valid public WKD key.

It's my own key, actual one and old expired signature key ;)
It has been used while changing my own pgp key to a stronger one for signing it with my old valid key. Now it is not more needed, new key has been spreaded.

How to remove this old and expired signature from my key contruct?

Thanks and best regards.




_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users