Hi Jorge, This looks like a bug. It is debatable what it means if there is a signature which says that a key is expired and there is another signature which says that the key never expires. That said, the new signature that says that the key never expires is newer so it should prevail. I will look into it. As a workaround you might try to create a new key signature with an expiration date far in the future.
I'll look into the issue Kind regards, Martijn Brinkers -- CipherMail email encryption Email encryption with support for S/MIME, OpenPGP, PDF Messenger and Webmail Messenger On Thu, 2021-04-15 at 10:23 +0200, Jorge Gonzalez via Users wrote: > Hi listers, > I'm having trouble updating my expired PGP key in a CIphermail > instance. Here is what I did: > My public key was expired, so I generated a new public key with no > expiration date. I tested it locally in Thunderbird: I deleted my old > public key; I imported the new one and tried to send some encrypted > emails. All fine. > I uploaded my PGP key to our own PGP key server ( > https://pgpkeys.icij.org) and made sure the new public key was in > place: I downloaded and checked the downloaded one, it was the > correct one without the expiration date. > I logged in to our CIphermail instance, went to PGP area, and > searched for my old, expired key. It showed as expired, and I deleted > it. I verified that my key was no longer available in Ciphermail. > I went to the "Search keys" area, to download again my new key from > our PGP keyserver into CIphermail (our CIphermail is configured with > just one PGP keyserver: our private one). > I located my new key, it showed the right one: recently created and > no expiration date. I imported it into Ciphermail. > When I go again to the main PGP keys and search for my key, it shows > again my key as expired. > If I click on "Download Public keys" link, the downloaded public key > is the _good_ one, without an expiration date. > So it seems I can't update my expired PGP key. It looks like > Ciphermail is somehow keeping my expiration date somewhere, and > ignoring the new "non-expiration" from the newly downloaded key, even > if I delete the old key and reimport the new one. > Any ideas? > J. > -- > Jorge Gonzalez Villalonga > Systems Engineer > The International Consortium of Investigative Journalists > 1710 Rhode Island Ave NW, 11th floor | Washington DC 20036 | United > States > Phone: +34 672 173 200 (Madrid, Spain)
