Encryption with expired key?

Geraint Paul Bevan g.bevan@eng.gla.ac.uk
Mon Jul 28 18:33:17 2003


This is a multi-part message in MIME format.
--------------030503030508050309020708
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Thank you for the various replies and suggestions.

It appears that the key which I have been unable to import is set to 
never expire (expiry date=0) according to PGP and this appears to be 
confirmed by pgpdump. Gnupg seems to be incorrectly setting the expiry 
date to be the key creation date.

I have attached an anonymised copy of the output from 'pgpdump key.asc' 
in case this helps shed any light on the problem.

I am reluctant to adjust the clock on my system while sending e-mails as 
this may interfere with background processes, so I have had a look at 
altering the code which verifies that the key hasn't expired.

It seems that commenting out two lines in getkey.c is sufficient to 
allow gpg to import the key without complaining. Interestingly, one of 
the lines is commented "actually this should never happen", so perhaps 
this is indicative of a bug in gnupg.

I don't know if this will help anyone identify the problem, but I can 
also get gpg to import the key if I set sig-check.c/do_check_messages() 
to return G10ERR_TIME_CONFLICT. Unfortunately, gpg won't successfully 
import other keys if I do this.

Anyway, I have attached the patch in case it proves to be useful to 
anyone who experiences similar difficulties.

Unfortunately, I have still not been able to communicate successfully 
with the owner of the key, however I think that this may prove to be due 
to something other than the key expiry date.

Regards,
-- 
Geraint Bevan
Department of Mechanical Engineering
University of Glasgow
Tel: +44 (0)141 330 5917

--------------030503030508050309020708
Content-Type: text/plain;
 name="gnupg-getkey.c.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="gnupg-getkey.c.diff"

diff -r -c /usr/local/src/gnupg-clean/gnupg-1.2.2/g10/getkey.c /usr/local/src/gnupg-gpb/gnupg-1.2.2/g10/getkey.c
*** /usr/local/src/gnupg-clean/gnupg-1.2.2/g10/getkey.c	Tue Apr 29 08:26:40 2003
--- /usr/local/src/gnupg-gpb/gnupg-1.2.2/g10/getkey.c	Mon Jul 21 18:17:49 2003
***************
*** 1461,1467 ****
  
  	p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
  	if ( p ) {
! 	  key_expire = keytimestamp + buffer_to_u32(p);
  	  key_expire_seen = 1;
          }
  
--- 1461,1467 ----
  
  	p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
  	if ( p ) {
! 	  /* key_expire = keytimestamp + buffer_to_u32(p); */
  	  key_expire_seen = 1;
          }
  
***************
*** 1738,1744 ****
          BUG ();
      mainpk = keyblock->pkt->pkt.public_key;
      if ( mainpk->version < 4 )
!         return; /* (actually this should never happen) */
      keyid_from_pk( mainpk, mainkid );
      subpk = subnode->pkt->pkt.public_key;
      keytimestamp = subpk->timestamp;
--- 1738,1744 ----
          BUG ();
      mainpk = keyblock->pkt->pkt.public_key;
      if ( mainpk->version < 4 )
!       /* return */ ; /* (actually this should never happen) */
      keyid_from_pk( mainpk, mainkid );
      subpk = subnode->pkt->pkt.public_key;
      keytimestamp = subpk->timestamp;

--------------030503030508050309020708
Content-Type: text/plain;
 name="modified-pgpdump.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="modified-pgpdump.txt"

Old: Public Key Packet(tag 6)(143 bytes)
	Ver 3 - old
	Public key creation time - Wed Mar 12 10:54:24 GMT 2003
	Valid days - 1095[0 is forever]
	Pub alg - RSA Encrypt or Sign(pub 1)
	RSA n(1024 bits) - ...
	RSA e(17 bits) - ...
Old: Signature Packet(tag 2)(166 bytes)
	Ver 4 - new
	Sig type - Signature directly on a key(0x1f).
	Pub alg - RSA Encrypt or Sign(pub 1)
	Hash alg - MD5(hash 1)
	Hashed Sub: key expiration time(sub 9)(4 bytes)
		Time - Thu Jan  1 01:18:15 BST 1970
	Hashed Sub: key flags(sub 27)(2 bytes)
		Flag - This key may be used to certify other keys
	Hashed Sub: signature creation time(sub 2)(4 bytes)
		Time - Thu May 22 15:22:03 BST 2003
	Sub: issuer key ID(sub 16)(8 bytes)
		Key ID - <0xKEYID>
	Hash left 2 bytes - 32 f5 
	RSA m^d mod n(1023 bits) - ...
		-> PKCS-1
Old: User ID Packet(tag 13)(62 bytes)
	User ID - Lastname Firstname BLAH F-PDP2 <FIRSTNAME.LASTNAME@COMPANY.COM>
Old: Signature Packet(tag 2)(149 bytes)
	Ver 3 - old
	Hash material(5 bytes):
		Sig type - Generic certification of a User ID and Public Key packet(0x10).
		Creation time - Thu May 22 15:22:08 BST 2003
	Key ID - <0xKEYID>
	Pub alg - RSA Encrypt or Sign(pub 1)
	Hash alg - MD5(hash 1)
	Hash left 2 bytes - 13 b2 
	RSA m^d mod n(1024 bits) - ...
		-> PKCS-1
Old: User ID Packet(tag 13)(59 bytes)
	User ID - Lastname Firstname BLAH F-PDP2 <BLAH123@SOME.COMPANY-GROUP.DE>
Old: Signature Packet(tag 2)(149 bytes)
	Ver 3 - old
	Hash material(5 bytes):
		Sig type - Generic certification of a User ID and Public Key packet(0x10).
		Creation time - Thu May 22 15:22:08 BST 2003
	Key ID - <0xKEYID>
	Pub alg - RSA Encrypt or Sign(pub 1)
	Hash alg - MD5(hash 1)
	Hash left 2 bytes - 13 49 
	RSA m^d mod n(1023 bits) - ...
		-> PKCS-1
Old: User ID Packet(tag 13)(68 bytes)
	User ID - Lastname Firstname BLAH F-PDP2 <FIRSTNAME.LASTNAME@COMPANY-GLOBAL.COM>
Old: Signature Packet(tag 2)(149 bytes)
	Ver 3 - old
	Hash material(5 bytes):
		Sig type - Generic certification of a User ID and Public Key packet(0x10).
		Creation time - Thu May 22 15:22:08 BST 2003
	Key ID - <0xKEYID>
	Pub alg - RSA Encrypt or Sign(pub 1)
	Hash alg - MD5(hash 1)
	Hash left 2 bytes - 8f b3 
	RSA m^d mod n(1020 bits) - ...
		-> PKCS-1
Old: Public Subkey Packet(tag 14)(143 bytes)
	Ver 3 - old
	Public key creation time - Wed Mar 12 10:54:26 GMT 2003
	Valid days - 1095[0 is forever]
	Pub alg - RSA Encrypt or Sign(pub 1)
	RSA n(1024 bits) - ...
	RSA e(17 bits) - ...
Old: Signature Packet(tag 2)(149 bytes)
	Ver 3 - old
	Hash material(5 bytes):
		Sig type - Subkey Binding Signature(0x18).
		Creation time - Thu May 22 15:22:08 BST 2003
	Key ID - <0xKEYID>
	Pub alg - RSA Encrypt or Sign(pub 1)
	Hash alg - MD5(hash 1)
	Hash left 2 bytes - 87 d6 
	RSA m^d mod n(1020 bits) - ...
		-> PKCS-1

--------------030503030508050309020708--