"Certificate expired" error. But it hasn't!?

I’m new to PGP and Gpg4Win, but I think I’ve read enough understand the concepts.

All I want to do is to verify a file signed with a PGP key. I have myself verified the key from many sources over time, so I want Gpg4Win to trust it to avoid any trust warnings.

I have downloaded these files:

I have just installed the latest version of Gpg4Win (v2.3.1) and have used Kleopatra to do the following:

Import Certificates → public.key
New Certificate → Create a personal OpenPGP key pair, etc…

Right-clicked the developer’s certificate and chose “Certify Certificate”, “only for myself”, etc…

And I get the error message, “The certificate could not be certified. Error: Certificate expired”.

But my own certificate is valid from when I created it with no expiry date. And the developer’s one is valid from 2015 to 2017.

Am I doing something wrong? I’m really confused! Thanks in advance :slight_smile:


thanks for your report. This is a known issue though https://bugs.kde.org/show_bug.cgi?id=358392 , when one subkey of a key is expired Kleopatra throws that error when trying to certify the key. This will be fixed in the next major version of Gpg4win.

As a workaround you can use the command line → gpg2 --lsign