View Issue Details

IDProjectCategoryView StatusLast Update
0000669Main CAcert WebsiteGPG/PGPpublic2014-04-06 18:05
Reporterjaymzh Assigned To 
Status needs workResolutionopen 
Product Version2009 Q1 
Summary0000669: PGP System fails to update keys it mistakenly things have expired... sorta
DescriptionMy PGP key A1E732BB had an expiration date when I uploaded it years ago, but that expiration date was removed long before it expired.

As such, the CACert PGP system has the "new" version of my key on one email/UID (, and the "old" version on the other email/UID (

I see no way to upload a new copy of that key for that email, or to delete the key CACert has. Uploading the key as didn't make it notice that is the same key (and in fact the *primary* UID!).
TagsNo tags attached.
Reviewed by
Test Instructions


related to 0000089 needs workSourcerer GPG Revokation Escrow Service 
related to 0001079 needs work GPG key can not be revoked 



2009-01-09 16:10

administrator   ~0001267

We have changed the architecture, to make sure that every request is handled independently from any other request (or previously issued PGP signatures). So I doubt that the fact that you previously uploaded a key with an expiration date can still cause a problem here. Could you please send me the key to and contact me on IRC (or some other method), so that we can take a look at it together?


2009-01-09 17:30

reporter   ~0001268

Couldn't find you on irc, but I sent you an email with my key.


2009-01-28 16:15

reporter   ~0001270



2010-08-03 11:38

administrator   ~0001609

You can upload your key through +GPG/PGP Keys -> New at any time to get it signed, whether you have uploaded it before, or not. CAcert does not mind, whether you have uploaded it before, or not.
If this does not work, then please file a bug or contact me.
The order of UIDs in a key is unfortunately not very well defined with GnuPG and different from time to time.
The +GPG/PGP Keys -> View page is always historic, and shows all the requests you made to upload a PGP key. Since there is no usable revocation mechanism for PGP key signatures, and since all new requests are handled independently of all previous requests, deleting a key would not have any effect.


2014-03-20 23:09

reporter   ~0004664

I have to requests open for my key 9A61 50DE AB02 9ADD F4D7 35E3 5CA4 893E 69B9 FC4E to get signed. This key never had an expiration date set, however I got an error message that the key is expired and the key is not signed.

I'm connected to as Dakon, feel free to ping me anytime you need assistance.


2014-04-06 07:48

updater   ~0004695

dakon: It seems one of the two subkeys (the RSA 2048 one) has a key expiration set. Thus I'm not sureI'm not quite sure how things have to be assessed. I wonder why it neither signs nor gives a clear rejection for this key.


2014-04-06 18:05

reporter   ~0004696

I was able to re-upload my key and it accepted it as valid. Sorry for the very long delay. It would still be nice to delete the old entries though.

Issue History

Date Modified Username Field Change
2009-01-09 13:16 jaymzh New Issue
2009-01-09 16:10 Sourcerer Note Added: 0001267
2009-01-09 17:30 jaymzh Note Added: 0001268
2009-01-28 16:15 jaymzh Note Added: 0001270
2009-01-28 16:16 jaymzh Reproducibility N/A => always
2010-08-03 11:38 Sourcerer Note Added: 0001609
2012-12-20 07:48 Werner Dworak Relationship added related to 0000089
2012-12-20 08:32 Werner Dworak Relationship added related to 0001079
2014-03-20 23:09 dakon Note Added: 0004664
2014-04-06 07:48 BenBE Note Added: 0004695
2014-04-06 08:56 BenBE Status new => needs work
2014-04-06 08:56 BenBE Product Version => 2009 Q1
2014-04-06 18:05 jaymzh Note Added: 0004696