[Pkg-gnupg-maint] Bug#489225: gnupg says KEYEXPIRED even when only other subkeys are expired
Peter Palfrader
weasel at debian.org
Sun Jul 6 07:19:45 UTC 2008
On Sat, 05 Jul 2008, Werner Koch wrote:
> On Fri, 4 Jul 2008 14:53, weasel at debian.org said:
>
> > When I have a signature made by an expired key, will I get {GOODSIG,EXPKEYSIG},
> > or {BADSIG,EXPKEYSIG}?
>
> Only one of them:
>
> if( !rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE ) {
>     KBNODE un, keyblock;
>     int count=0, statno;
>     char keyid_str[50];
>     PKT_public_key *pk=NULL;
>
>     if(rc)
>         statno=STATUS_BADSIG;
>     else if(sig->flags.expired)
>         statno=STATUS_EXPSIG;
>     else if(is_expkey)
>         statno=STATUS_EXPKEYSIG;
>     else if(is_revkey)
>         statno=STATUS_REVKEYSIG;
>     else
>         statno=STATUS_GOODSIG;
>
> In addition you will get a VALIDSIG line if the signature is good. Thus
> you see {EXPKEYSIG,VALIDSIG} for a valid signature done with an expired
> key.

DETAILS in 1.4.9 says:

| GOODSIG <long keyid> <username>
|     The signature with the keyid is good. For each signature only
|     one of the three codes GOODSIG, BADSIG or ERRSIG will be
|     emitted and they may be used as a marker for a new signature.

So probably this ought to be updated?

Thanks,
weasel
--
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/
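
Added example (not part of the original message and not GnuPG code): a Python status-line consumer that treats every status the quoted C code can select as a per-signature marker and requires VALIDSIG before accepting, compared with one that knows only the three markers named in the DETAILS excerpt. The function names, the acceptance policy, the assumed line ordering and all key IDs, fingerprints and user names are constructed for illustration.

```python
# Added example, not GnuPG code. Key IDs, fingerprints and names are constructed.
PREFIX = "[GNUPG:] "
# Markers named in the DETAILS excerpt quoted in the message.
DOCUMENTED = {"GOODSIG", "BADSIG", "ERRSIG"}
# The documented markers plus those the quoted C code can pick instead of GOODSIG.
MARKERS = DOCUMENTED | {"EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def parse_signatures(status_text, markers=MARKERS):
    """Group status lines into one record per signature marker."""
    sigs = []
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in markers:
            sigs.append({"marker": keyword, "keyid": args[0] if args else None,
                         "validsig": False})
        elif keyword == "VALIDSIG" and sigs:
            # Assumption: VALIDSIG follows the marker of the signature it belongs to.
            sigs[-1]["validsig"] = True
    return sigs

def accept(sig, allow_expired_key=False):
    """Policy: require VALIDSIG; an expired key is accepted only on request."""
    if not sig["validsig"]:
        return False
    if sig["marker"] == "GOODSIG":
        return True
    return allow_expired_key and sig["marker"] == "EXPKEYSIG"

# Constructed status output. The KEYEXPIRED line mirrors the bug title and is
# deliberately ignored: the decision rests on the per-signature marker.
SAMPLE = "\n".join([
    "[GNUPG:] KEYEXPIRED 1200000000",
    "[GNUPG:] GOODSIG " + "A" * 16 + " Constructed One <one@example.org>",
    "[GNUPG:] VALIDSIG " + "A" * 40 + " 2008-07-05 1215216000",
    "[GNUPG:] EXPKEYSIG " + "B" * 16 + " Constructed Two <two@example.org>",
    "[GNUPG:] VALIDSIG " + "B" * 40 + " 2008-07-05 1215216000",
    "[GNUPG:] BADSIG " + "C" * 16 + " Constructed Three <three@example.org>",
])

if __name__ == "__main__":
    for sig in parse_signatures(SAMPLE):
        print(sig["marker"], sig["keyid"], "accepted:", accept(sig))
    # With only the documented markers the EXPKEYSIG signature gets no record
    # and its VALIDSIG is attributed to the preceding signature.
    print(len(parse_signatures(SAMPLE, DOCUMENTED)), "records with documented markers")
```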