How to force gpg2 to use expired key?
--------------------------------------------------
Hire the world's top talent on demand or became one of them at Toptal: https://topt.al/25cXVn
and get $2,000 discount on your first invoice
--------------------------------------------------
Music by Eric Matyas
https://www.soundimage.org
Track title: Puzzle Island
--
Chapters
00:00 How To Force Gpg2 To Use Expired Key?
00:26 Accepted Answer Score 15
01:03 Answer 2 Score 1
01:19 Answer 3 Score 19
01:34 Thank you
--
Full question
https://superuser.com/questions/167095/h...
--
Content licensed under CC BY-SA
https://meta.stackexchange.com/help/lice...
--
Tags
#gnupg #cryptography #expiredkey
#avk47
Hire the world's top talent on demand or became one of them at Toptal: https://topt.al/25cXVn
and get $2,000 discount on your first invoice
--------------------------------------------------
Music by Eric Matyas
https://www.soundimage.org
Track title: Puzzle Island
--
Chapters
00:00 How To Force Gpg2 To Use Expired Key?
00:26 Accepted Answer Score 15
01:03 Answer 2 Score 1
01:19 Answer 3 Score 19
01:34 Thank you
--
Full question
https://superuser.com/questions/167095/h...
--
Content licensed under CC BY-SA
https://meta.stackexchange.com/help/lice...
--
Tags
#gnupg #cryptography #expiredkey
#avk47
ANSWER 1
Score 19
Use the --faked-system-time option:
gpg2 --faked-system-time 20100101T000000 -e -r keyid
I would prefer an option that would force encryption to an expired key while also recording the correct time (especially when signing).
ACCEPTED ANSWER
Score 15
As @rob suggested in comments, libfaketime handles this well:
$ gpg -v -v -v --batch --trust-model always -ear D5B9D38C <<< "qweqe"
gpg: using character set 'utf-8'
gpg: Note: signature key 077EA269D5B9D38C expired Sun 09 Nov 2014 12:57:25 PM +03
gpg: D5B9D38C: skipped: Unusable public key
gpg: [stdin]: encryption failed: Unusable public key
$ faketime '2012-12-24 08:15:42' gpg -v -v -v --batch --trust-model always -ear D5B9D38C <<< "qweqe"
gpg: using character set 'utf-8'
gpg: using subkey 85231B396B9569ED instead of primary key 077EA269D5B9D38C
gpg: No trust check due to '--trust-model always' option
gpg: reading from '[stdin]'
gpg: writing to stdout
gpg: RSA/AES256 encrypted for: "..."
-----BEGIN PGP MESSAGE-----
...
Old answer:
- Start UML (user mode linux)
- Set date inside UML to acceptable range.
- Encrypt message in UML
ANSWER 3
Score 1
Reset hardware and system clock:
sudo hwclock --set --date "12/31/2017 23:59:59" && \
sudo hwclock --hctosys && \
gpg --sign-with $keyid --clearsign --armor < $file
Afterwards (I hope you have NTP enabled) fix your hardware clock with:
sudo hwclock --systohc