
updating existing key certifications should not require --expert
Open, Normal, Public

Description

If Alice has made an OpenPGP certification over Bob's primary key + user ID, gpg
currently won't let her make a new signature, with an error message:

    "Bob <bob@example.org>" was already signed by key D39BDA50DD443420
    Nothing to sign with key D39BDA50DD443420

This is true even if Alice's certification is due to expire soon, or was made by
a weak digest algorithm (e.g. --weak-digest), or lacks some feature that a
newly-made certification would have (e.g. notation, etc).

It's possible to override this limit by using the --expert flag, but users
really shouldn't need to do so if they are trying to update an existing
certification.

Please make this check only skip the signing process if the *only* way that the
new certification would differ from the existing certification is based on the
creation date of the timestamp.

Details

Version
2.1.15

Event Timeline

dkg set Version to 2.1.15.
dkg added a subscriber: dkg.
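
One reading of the check requested in the description, as an added example (not GnuPG code and not from the report): the `cert_summary` struct, its fields and `resign_is_redundant` are hypothetical. It assumes expiry is compared as an absolute time, because OpenPGP stores signature expiration as seconds after creation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical summary of one certification; not a GnuPG data structure. */
struct cert_summary {
    uint32_t created;       /* creation time, seconds since the epoch */
    uint32_t expire_after;  /* validity in seconds after creation; 0 = never */
    uint8_t digest_algo;    /* OpenPGP hash id, e.g. 2 = SHA-1, 8 = SHA-256 */
    uint8_t sig_class;      /* certification type, 0x10..0x13 */
    const char *notations;  /* canonicalised "name=value" list, "" if none */
};

/* Expiry is relative to creation, so compare absolute times: a renewal
   with the same duration still moves the expiry forward. 0 = never. */
static uint64_t abs_expiry(const struct cert_summary *c)
{
    return c->expire_after ? (uint64_t)c->created + c->expire_after : 0;
}

/* Return 1 only when the proposed certification would differ from the
   existing one in nothing but its creation time. */
int resign_is_redundant(const struct cert_summary *existing,
                        const struct cert_summary *proposed)
{
    return existing->digest_algo == proposed->digest_algo
        && existing->sig_class == proposed->sig_class
        && abs_expiry(existing) == abs_expiry(proposed)
        && strcmp(existing->notations, proposed->notations) == 0;
}

/* Constructed sample values covering the cases the report lists. */
static const struct cert_summary old_sha1 = {1400000000u, 0, 2, 0x10, ""};
static const struct cert_summary new_sha1 = {1470000000u, 0, 2, 0x10, ""};
static const struct cert_summary new_sha256 = {1470000000u, 0, 8, 0x10, ""};
static const struct cert_summary new_noted =
    {1470000000u, 0, 2, 0x10, "policy@example.org=v2"};
static const struct cert_summary old_1y = {1440000000u, 31536000u, 8, 0x13, ""};
static const struct cert_summary renew_1y = {1470000000u, 31536000u, 8, 0x13, ""};

int main(void)
{
    printf("timestamp only: %d\n", resign_is_redundant(&old_sha1, &new_sha1));
    printf("new digest:     %d\n", resign_is_redundant(&old_sha1, &new_sha256));
    printf("new notation:   %d\n", resign_is_redundant(&old_sha1, &new_noted));
    printf("renewed expiry: %d\n", resign_is_redundant(&old_1y, &renew_1y));
    return 0;
}
```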