Bug#953733: hokey lint: please warn when different self-sigs have different key expiration times or primary key usage flags

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Mar 12 19:08:06 GMT 2020 

On Thu 2020-03-12 13:45:48 -0400, Daniel Kahn Gillmor wrote:
> It's not clear how a receiving implementation would treat such a
> composite certificate. GnuPG, for example, appears to take the union of
> all validity times when it comes to expiration (valid through 2025), but
> the intersection of all capabilities when it comes to key usage flags
> (primary key is certification-capable only):
>
>
> pub   rsa3072 2020-03-12 [C] [expires: 2025-03-11]
>       7138FE5EB6895581ED99E3AD3CB7A19683B428D1
> uid           [ultimate] <alice.jones at example.com>
> uid           [ultimate] <alice at example.net>
> sub   rsa3072 2020-03-12 [E]

Hm, i take back the assertion above about unions and intersections.

Rather, it appears that in the case of a conflict, GnuPG simply prefers
the self-sig over the user ID that appears *first* in the certificate.

However, since certificates are trivially reorderable by anyone (not
just the primary key holder) this means that i can make the certificate
look different just by rearranging things.

The attached alice-reordered.key certificate contains the exact same
OpenPGP packets, but in a different order.  Importing it into an
otherwise empty GnuPG homedir now shows:

pub   rsa3072 2020-03-12 [SC] [expires: 2022-03-12]
      7138FE5EB6895581ED99E3AD3CB7A19683B428D1
uid           [ultimate] <alice.jones at example.com>
uid           [ultimate] <alice at example.net>
sub   rsa3072 2020-03-12 [E]

I've noted this weirdness over at https://dev.gnupg.org/T4879, fwiw.

Anyway, i think this is a pretty clear argument that "hokey lint" should
warn if there is incompatible key metadata in the relevant self-sigs.

     --dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: alice-reordered.key
Type: application/pgp-keys
Size: 3102 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-haskell-maintainers/attachments/20200312/c3b03016/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-haskell-maintainers/attachments/20200312/c3b03016/attachment.sig>

More information about the Pkg-haskell-maintainers mailing list