How to set a custom creation date for OpenPGP certificates?
Can I create an OpenPGP Certificate containing a custom creation (start validity) Date?
I need to create an OpenPGP certificate today, but make it valid only from next week (for example).
Using tools like "Kleopatra", I'm able to set the "expiry date" only.
Keys and Certificates
First of all, OpenPGP has a different wording than X.509. What you describe as certificates is usually called a "key" in OpenPGP, while only signatures on other keys are called a certification.
"Not valid before"
Furthermore, there is no defined "not valid before" parameter. There is the creation timestamp, but there is no defined behavior for dates in the future -- implementations of OpenPGP might issue a warning, completely deny using the key or simply ignore the fact altogether.
Faking the Creation Time
GnuPG does not know an option to set the creation time; the system time is used instead. The easiest and most general way is to change the system time to the desired date.
For Linux, there is the very helpful tool faketime (source on GitHub), which can be used to start other commands with arbitrary dates:
faketime -f '2008-12-24 08:15:42' gpg2 --gen-key
You might have to terminate gpg-agent so it gets restarted, if it does not see (but use) the faked time.
GnuPG also has a --faketime parameter, but it only works if --debug is also set, which requires some compile options that are not always applied for production builds.
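A check for the situation the answer above describes, as an added example that is not part of the original answer: since OpenPGP has no "not valid before" field, a key generated under a faked future clock simply carries a creation time ahead of the present, and this code flags such keys in `gpg --list-keys --with-colons` output. The sample listing, its key IDs and the `skew` tolerance are constructed assumptions.

```python
import calendar
import time

# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
# 1230106542 is the answer's 2008-12-24 08:15:42 read as UTC; 4102444800 is 2100-01-01.
SAMPLE_LISTING = """\
tru::1:1700000000:0:3:1:5
pub:u:4096:1:AAAAAAAAAAAAAAAA:1230106542:::u:::scESC:
uid:u::::1230106542::::Constructed One <one@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1230106542::::::e:
pub:-:255:22:CCCCCCCCCCCCCCCC:4102444800:::-:::scESC:
sub:-:255:18:DDDDDDDDDDDDDDDD:20991231T000000::::::e:
"""

KEY_RECORDS = ("pub", "sub", "sec", "ssb")


def parse_created(field):
    """Field 6 of a key record is the creation date in UTC.

    It is usually seconds since the epoch; GnuPG's DETAILS file also allows
    an ISO 8601 basic form (e.g. 19660205T091500), detectable by the 'T'.
    """
    if "T" in field:
        return calendar.timegm(time.strptime(field, "%Y%m%dT%H%M%S"))
    return int(field)


def future_dated_keys(listing, now=None, skew=300):
    """Return (record type, key ID, creation time) for keys created after now + skew."""
    now = time.time() if now is None else now
    flagged = []
    for line in listing.splitlines():
        fields = line.split(":")
        # Only key and subkey records carry a key creation time in field 6.
        if fields[0] not in KEY_RECORDS or len(fields) < 6 or not fields[5]:
            continue
        created = parse_created(fields[5])
        if created > now + skew:  # skew (assumed 5 min) tolerates clock drift
            flagged.append((fields[0], fields[4], created))
    return flagged


if __name__ == "__main__":
    for rec, keyid, created in future_dated_keys(SAMPLE_LISTING):
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(created))
        print(f"{rec} {keyid}: creation time {stamp} UTC is in the future")
```
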