[pkg-gnupg-maint] Bug#907234: gnupg warns that an email was signed by a key that expired... in 2018

Alexandre Viau aviau at debian.org
Sat Aug 25 02:54:56 BST 2018 

On 2018-08-24 09:37 PM, Nicolas Braud-Santoni wrote:
>> $ gpg -k aviau
>> gpg: please do a --check-trustd

So that would be one entry for pub 0xDA82830E3CCC3A3A, and the signature
expires on 2019-07-15:

>> pub   rsa4096/0xDA82830E3CCC3A3A 2014-04-01 [SC] [expires: 2019-07-15]
>>       Key fingerprint = E301 54F5 429F FBB9 B22E  49C2 DA82 830E 3CCC 3A3A
>> uid                   [  full  ] Alexandre Viau <alexandre at alexandreviau.net>
>> uid                   [  full  ] Alexandre Viau (ReAzem) <reazem at reazem.net>
>> uid                   [  full  ] Alexandre Viau <aviau at debian.org>
>>
That would be a second entry for pub 0xDA82830E3CCC3A3A, and the
signature expires on 2020-07-14:

>> pub   rsa4096/0xDA82830E3CCC3A3A 2014-04-01 [SC] [expires: 2020-07-14]
>>       Key fingerprint = E301 54F5 429F FBB9 B22E  49C2 DA82 830E 3CCC 3A3A
>> uid                   [  full  ] Alexandre Viau <alexandre at alexandreviau.net>
>> uid                   [  full  ] Alexandre Viau (ReAzem) <reazem at reazem.net>
>> uid                   [  full  ] Alexandre Viau <aviau at debian.org>

Now the subkeys, that all expire on 2020-07-14

>> sub   rsa4096/0xD8FF317310159602 2016-06-02 [E] [expires: 2020-07-14]
>> sub   rsa4096/0xA760A90DE6594708 2016-07-13 [A] [expires: 2020-07-14]
>> sub   rsa4096/0x8F2B113C6535C5A7 2016-07-15 [S] [expires: 2020-07-14]
It looks like the signature should be accepted and that there should not
be two entries for 0xDA82830E3CCC3A3A, as they are the same key. Am I
missing something?

> Please find attached the mail that exposed the bug.
> I am using neomutt as a mail reader, in cast that's relevant

Did you attach it? It does not appear on the bug page.

-- 
Alexandre Viau
aviau at debian.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 858 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20180824/fecd4d8f/attachment.sig>

More information about the pkg-gnupg-maint mailing list