Get expiration date by searching on keyservers

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Wed Apr 30 19:33:39 CEST 2014


On 04/30/2014 07:25 PM, David Shaw wrote:
> On Apr 29, 2014, at 6:40 PM, Koen <koen.vanimpe at cudeso.be> wrote:
> 
>> Hi,
>> 
>> I use '--keyserver <srv> --search-keys <key>' to get info on a 
>> number of keys. As far as I can tell, that doesn't return an 
>> expiration date (if that exists).
> 
> GPG's keyserver code is capable of displaying expiration date, if
> the keyserver provides it.  Not all do.

To detail a bit more; we had a fix to read expiration from UID
self-signatures that is in the current trunk[0]. Earlier versions
(including 1.1.4) won't output these properly for the machine readable
index. For servers that do support it, it can be seen as e.g.
http://sks.mrball.net:11371/pks/lookup?op=index&options=mr&search=0x0B7F8B60E3EDFAE3
that displays

pub:94CBAFDD30345109561835AA0B7F8B60E3EDFAE3:1:4096:1197735934:1483182002:

date -d @1483182002
Sat Dec 31 12:00:02 CET 2016


> 
> But - and this is important - like all key data (from expiration 
> date, to revocation status, to the user IDs, etc), the info
> returned by a keyserver is only informational.  You cannot rely on
> it until you download the key and check it yourself.  The
> keyservers are simply storage, and do not verify the keys sent to
> them (and you shouldn't trust them even if they claimed to).
> 

Very much so, no verification on the validity of the self-signature or
other information is performed on the servers.


References:
[0]
https://bitbucket.org/skskeyserver/sks-keyserver/pull-request/12/fixes-for-machine-readable-indexes/diff

-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Veni vidi visa
I came, I saw, I bought
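Added example, not part of the original message and not SKS or GnuPG code: a small parser for the machine-readable index output discussed above. It reads the claimed expiration from the pub line and keeps that value marked as unverified, since the keyserver does not check it. The field order is assumed from the pub line quoted in the message and the HKP draft's index format; the info and uid lines in the sample are constructed, and the function names are hypothetical.

```python
from datetime import datetime, timezone
from urllib.parse import unquote

# Constructed sample: the pub line is the one quoted in the message above;
# the info and uid lines are made up to complete a plausible response.
SAMPLE = """info:1:1
pub:94CBAFDD30345109561835AA0B7F8B60E3EDFAE3:1:4096:1197735934:1483182002:
uid:Example User <user@example.org>:1197735934::
"""

def _ts(field):
    """Unix-seconds field -> aware UTC datetime, or None if empty/invalid."""
    try:
        return datetime.fromtimestamp(int(field), tz=timezone.utc)
    except (ValueError, OverflowError, OSError):
        return None

def parse_mr_index(text):
    """Parse options=mr index output into a list of key dicts."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            f += [""] * (7 - len(f))  # tolerate servers that omit fields
            keys.append({
                "keyid": f[1], "algo": f[2], "bits": f[3],
                "created": _ts(f[4]), "expires": _ts(f[5]),
                "flags": f[6], "uids": [],
                # Nothing here has been checked against a self-signature.
                "verified": False,
            })
        elif f[0] == "uid" and keys and len(f) > 1:
            # uid strings are percent-escaped in the index format
            keys[-1]["uids"].append(unquote(f[1]))
    return keys

def claimed_status(key, now=None):
    """Describe the server-claimed expiry; never a statement of validity."""
    now = now or datetime.now(timezone.utc)
    if key["expires"] is None:
        return "no expiry reported (unverified)"
    state = "expired" if key["expires"] <= now else "not expired"
    return f"{state} per keyserver (unverified)"

if __name__ == "__main__":
    for k in parse_mr_index(SAMPLE):
        print(k["keyid"], k["expires"], claimed_status(k))
```

To act on the expiration date, fetch the key with --recv-keys and let gpg evaluate the self-signatures locally.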


