On 03/01/2013 01:47 PM, adrelanos wrote: > is the gpg output "gpg: Signature made <date time>" tamper resistant? > > Or in other words, is the date and time taken from the signers machine > clock and signed with the signers private key?
The signature time is signed with the signer's private key, so you can
verify the date/time that the signer intended to put there. There is no
way to verify the origin of the timestamp, though (that is, you can't
prove that it was taken from the machine clock). Even if LD_PRELOAD
hacks like faketime or datefudge didn't exist, a user with physical
control of the machine could just reset the clock to whatever they
wanted, make the signature, and then reset the clock again.
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
