Exporting/ importing changes expiration date of subkeys...

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Nov 13 23:50:47 CET 2018


On Tue 2018-11-13 09:15:46 +0100, gnupgpacker wrote:
> Hello,
>
> importing to R2mail2 is working *without* changing expiration dates, if key
> is exported from GnuPG-2.1.11...
>
> "Converting-way":
> Export GnuPG-1.4.23(GPGkeys/Win7) > Import GnuPG-2.1.11(Win7) > Export
> GnuPG-2.1.11(Win7) > Import R2mail2(Android-8.1) > works faultless
>
>>> Exporting (older) RSA keys should be independent from GnuPG version 1.4x
>>> or 2.2x, isn't it?
>> For each import/export operation you're asking about (both successes and
>> failures), could you give the following information clearly:
>>  * Are you exporting secret keys?
>>    or exporting public keys?
> RSA-4096 keypair secret + public
> (1 main key C, 3 subkeys for S/A/E)
>
>>  * where were the secret keys originally created? (on what program does
>>    the original export happen?)
> GPGkeys with GnuPG-1.4.23(Win7)
>
>>  * which program is doing the import?
> R2mail2(Android-8.1)
>
>>  * does the program doing the import modify the OpenPGP certificate in
>>    any way?
> It seems to modify expiration date...

have you reached out to the r2mail2 author about this?  it sounds to me
like it's possible that gpg 1.4 is exporting multiple binding signatures
per subkey, and r2mail2 is only seeing one of them (or something like
that).

does the same thing happen if you export public key material, without
the secret key material?  If it does, that might be easier to debug,
because you should be able to send just the public key material to
someone else who can help debug (i'd understand you being unwilling to
send the secret key to someone else).

I've cc'ed Stefan from r2mail2 here, in the hopes that he can take a
look.

>> it is not normal for the primary key to be marked as
>> authentication-capable ("A").  If you have a tool that is doing that,
>> please report back what tool that is, on what platform and what version!
>
> Keys with this structure are created with GPGkeys (part of GPGshell for
> Windows v3.78) and GnuPG-1.4.23, all included in Sebastian's GnuPG-Pack.
> http://www.rose-indorf.de/gnupgpack/

This sounds like a bug in gnupgpack, but i don't see a good way to
report bugs at the URL above.  I would generally not recommend such a
configuration.


> In my lightweight opinion there must be issues while creating (SCA) and
> exporting (date) those keys with GPGkeys/GnuPG-1.4.23(Win7)!?

well, you said that they imported correctly into other programs, right?
so maybe the issue is at the intersection of r2mail2 and classic GnuPG.

> Maybe time to change GnuPG setup to newer versions 2.1x or 2.2x...
> But GPGrelay is needed...

GPGrelay should really upgrade to the modern GnuPG suite.  Maybe as a
user you can ask the author what's blocking them from upgrading?

    --dkg
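
An added example, not part of the original message and not code from GnuPG or R2mail2: a minimal Python reader for a binary (non-armored) OpenPGP export that lists every subkey binding signature (type 0x18) together with its key-expiration subpacket, so that a subkey carrying several bindings, as hypothesized above, can be spotted. The sample bytes are constructed stubs, signatures are parsed but not verified, and all function names are this example's own.

```python
def length(buf, i, top):  # first octets 192..top-1 begin a two-octet length (RFC 4880)
    n = buf[i]
    if 192 <= n < top:
        return ((n - 192) << 8) + buf[i + 1] + 192, i + 2
    if top <= n < 255:
        raise ValueError("partial body length not handled")
    return (int.from_bytes(buf[i + 1:i + 5], "big"), i + 5) if n == 255 else (n, i + 1)

def packets(data):
    """Yield (tag, body) for each packet of a binary OpenPGP stream, old or new header format."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if hdr & 0x40:                                    # new-format header
            tag, (n, i) = hdr & 0x3F, length(data, i + 1, 224)
        else:                                             # old-format header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if size == 8:
                raise ValueError("indeterminate length not handled")
            n, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        yield tag, data[i:i + n]
        i += n

def hashed_subpackets(sig):  # {subpacket type: data} from a v4 signature's hashed area
    i, end, out = 6, 6 + int.from_bytes(sig[4:6], "big"), {}
    while i < end:
        n, i = length(sig, i, 255)
        out[sig[i] & 0x7F] = sig[i + 1:i + n]
        i += n
    return out

def subkey_bindings(data):
    """Per subkey: (sig creation time, expiry offset in s after key creation) per 0x18 binding."""
    keys = []
    for tag, body in packets(data):
        if tag in (7, 14):                                # secret or public subkey
            keys.append([])
        elif tag == 2 and keys and body[:2] == b"\x04\x18":
            sp = hashed_subpackets(body)
            keys[-1].append(tuple(int.from_bytes(sp.get(t, b""), "big") for t in (2, 9)))
    return keys

def first_and_latest(data):  # expiry offset from the first binding in the file vs. the newest one
    return [(b[0][1], max(b)[1]) for b in subkey_bindings(data) if b]
# Constructed sample (not a usable key): subkey stub, bound for 1 year, later re-bound for 3 years.
def sig_stub(created, expiry):
    h = b"\x05\x02" + created.to_bytes(4, "big") + b"\x05\x09" + expiry.to_bytes(4, "big")
    return b"\xc2\x16\x04\x18\x01\x08\x00\x0c" + h + bytes(4)
SAMPLE = b"\xb8\x06\x04\x00\x00\x00\x00\x01" + sig_stub(1400000000, 31536000) + sig_stub(1500000000, 94608000)
```

To inspect real data, pass `subkey_bindings` the bytes of a binary public-key export (for example the output of `gpg --export`); an offset of 0 means the binding carries no key-expiration subpacket.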