Time conflicts not checked on subkey signatures?

Holger Sesterhenn Holger.Sesterhenn at smgwtest.aachen.utimaco.de
Fri Nov 12 12:41:11 CET 2004 

 Hi,

I have done some research on how gnupg handles time conflicts between
signature packets and public key packets/public subkey packets.

Signatures are checked in g10/sig-check.c.

do_check_messages() compares the public key packet timestamp and the
signature packet timestamp. The error code "G10ERR_TIME_CONFLICT" is not
set somewhere else in sig-check.c.

The function check_key_signature2() calls do_check_messages() via
do_check(). The subkey packet is just hashed but not checked for time
conflicts.

You can see the problem with this key:

./gpg --with-colon --fingerprint --fixed-list-mode --check-sig

(GnuPG 1.3.6, 1.2.4 looks slightly different, I hope the output is not
that much crippled)

pub:r:1024:17:131E92BF5A16ADD7:936832137:::-:::sca:
fpr:::::::::02A3BC00358327E518CEA199131E92BF5A16ADD7:
rev:!::17:131E92BF5A16ADD7:949365009::::RavingCow
<ravingcow at hotmail.com>:20x:
uid:r::::942521984::9AAA48F52CA77FF628A75CB8BD913287A0DCBD68::RavingCow
<ravingcow at hotmail.com>:
sig:?::17:F8601C136A6CF305:943903355:::::10x:
rev:%::17:131E92BF5A16ADD7:943631147::::[unknown signature class] :28x:
rev:%::17:131E92BF5A16ADD7:944264133::::[unknown signature class] :28x:
sig:!::17:131E92BF5A16ADD7:942521984::::RavingCow
<ravingcow at hotmail.com>:10x:
sig:?::17:83CAAC2837AA3A5B:943575352:951783352::::10x:
uid:r::::936832137::62BA3AFE78F6DCD72279A4F934C8AD45FD547D68::David
Greenaway <vbkid at rocketmail.com>:
sig:?::17:F8601C136A6CF305:943793261:::::10x:
rev:%::17:131E92BF5A16ADD7:943631147::::[unknown signature class] :28x:
rev:%::17:131E92BF5A16ADD7:944264133::::[unknown signature class] :28x:
sig:!::17:131E92BF5A16ADD7:936832137::::RavingCow
<ravingcow at hotmail.com>:10x:
sig:?::17:83CAAC2837AA3A5B:943575352:951783352::::10x:
sig:?::1:2CCA5AD654E87F1B:949364968::1 120:::10x:
sub:r:1024:16:97EF615D82E6AFC4:936832142::::::e:
sig:!::17:131E92BF5A16ADD7:936832142::::RavingCow
<ravingcow at hotmail.com>:18x:
rev:!::17:131E92BF5A16ADD7:943631147::::RavingCow
<ravingcow at hotmail.com>:28x:
sub:r:2048:16:B65DC362D7433511:942462001:946522801:::::e:
sig:-::17:131E92BF5A16ADD7:936832142::::RavingCow
<ravingcow at hotmail.com>:18x:
rev:!::17:131E92BF5A16ADD7:944264133::::RavingCow
<ravingcow at hotmail.com>:28x:
sig:!::17:131E92BF5A16ADD7:942522219::::RavingCow
<ravingcow at hotmail.com>:18x:
sub:i:2048:16:066E0F3E0BDA77F9:946609201:::::::
sub:r:4096:16:141ED9B26ED48A96:942462001:946522801:::::e:
sig:-::17:131E92BF5A16ADD7:936832142::::RavingCow
<ravingcow at hotmail.com>:18x:
sig:!::17:131E92BF5A16ADD7:942522407::::RavingCow
<ravingcow at hotmail.com>:18x:

sub:r:4096:16:EAE3081B816B7B04:946609201:954385201:::::e:
sig:-::17:131E92BF5A16ADD7:936832142::::RavingCow
<ravingcow at hotmail.com>:18x:
sig:!::17:131E92BF5A16ADD7:943632086::::RavingCow
<ravingcow at hotmail.com>:18x:
   
^^^^^^^^ Signature creation date is older than subkey creation date.

sub:i:4096:16:D0743C0946315695:946609201:::::::
sig:-::17:131E92BF5A16ADD7:936832142::::RavingCow
<ravingcow at hotmail.com>:18x:
rev:-::17:131E92BF5A16ADD7:943631147::::RavingCow
<ravingcow at hotmail.com>:28x:
rev:-::17:131E92BF5A16ADD7:944264133::::RavingCow
<ravingcow at hotmail.com>:28x:

I know that this key is crippled but nevertheless the revoke signature
on the subkey should not be treated as valid.

Key fetched from hkp://subkeys.pgp.net yesterday.

Verified with GnuPG 1.2.4, 1.3.6cvs, 1.3.93cvs (last 'cvs update' 12
hours ago).

Any comments?

-- 
Best Regards,

Holger Sesterhenn
---
Internet   http://www.utimaco.com

More information about the Gnupg-devel mailing list