[tor-bugs] #19737 [Applications/Tor Browser]: gpg/gk.gpg and gpg/torbutton.gpg are expired since 2016-07-19
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jul 27 20:43:26 UTC 2016
#19737: gpg/gk.gpg and gpg/torbutton.gpg are expired since 2016-07-19
-----------------------------------------------+---------------------------
Reporter: dcf                                  | Owner: tbb-team
Type: defect                                   | Status: needs_review
Priority: Medium                               | Milestone:
Component: Applications/Tor Browser            | Version:
Severity: Normal                               | Resolution:
Keywords: tbb-gitian, TorBrowserTeam201607R    | Actual Points:
Parent ID:                                     | Points:
Reviewer:                                      | Sponsor:
-----------------------------------------------+---------------------------
Changes (by boklm):
* status: new => needs_review
* keywords: tbb-gitian => tbb-gitian, TorBrowserTeam201607R
Comment:
Replying to [comment:3 dcf]:
>
> Maybe it would work to migrate to using
> [https://www.gnupg.org/documentation/manuals/gnupg/gpgv.html gpgv],
> because it "assumes that all keys in the keyring are trustworthy ... it
> does not check for expired or revoked keys."
I tried doing that, however it seems the exit status from the gpg command
is not enough for git to accept the signature. In addition to that, it is
using the `--status-fd=1` argument and checks that the output contains a
`GOODSIG` line. In the case of `gpgv` and a signature made using an
expired key, the `--status-fd=1` output is the same as with `gpg`, and we
have an `EXPKEYSIG` line instead of a `GOODSIG` line, so git does not
accept it. According to the gpg documentation, `EXPKEYSIG` means "The
signature with the keyid is good, but the signature was made by an expired
key".
I attached a patch which adds a gpg wrapper which replaces the `EXPKEYSIG`
by a `GOODSIG`, and sets the exit status to 0, when the output contains an
`EXPKEYSIG` line and no `REVKEYSIG`, `BADSIG` or `ERRSIG` line.
In addition to that, we should probably remove the obsolete sub-keys from
the keyring files, so they cannot be used.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19737#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
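As an added example, not the patch attached to the ticket, here is one way to write the wrapper boklm describes: it runs the real gpg, and rewrites `EXPKEYSIG` to `GOODSIG` with exit status 0 only when the `--status-fd=1` output carries no `REVKEYSIG`, `BADSIG` or `ERRSIG` line. The `REAL_GPG` variable and the function names are assumptions.

```shell
#!/bin/sh
# Constructed example (not the ticket's patch): a gpg wrapper for git's
# gpg.program that accepts a signature made by an expired key.
# REAL_GPG (assumed name) points at the real gpg binary.

# rewrite_status: read `gpg --status-fd=1` output on stdin, write it to
# stdout with EXPKEYSIG rewritten to GOODSIG, and return:
#   0  EXPKEYSIG present, no REVKEYSIG/BADSIG/ERRSIG: accept the signature
#   1  REVKEYSIG, BADSIG or ERRSIG present: the signature must be rejected
#   2  neither case: output passed through unchanged, keep gpg's own verdict
rewrite_status() {
    status=$(cat)
    if printf '%s\n' "$status" | grep -Eq '^\[GNUPG:\] (REVKEYSIG|BADSIG|ERRSIG) '; then
        printf '%s\n' "$status"
        return 1
    fi
    if printf '%s\n' "$status" | grep -q '^\[GNUPG:\] EXPKEYSIG '; then
        # git only looks for a GOODSIG line, so rename the status keyword;
        # the key id and user id on the line are kept as gpg printed them.
        printf '%s\n' "$status" | sed 's/^\[GNUPG:\] EXPKEYSIG /[GNUPG:] GOODSIG /'
        return 0
    fi
    printf '%s\n' "$status"
    return 2
}

# gpg_wrapper: run the real gpg with git's arguments (stdin, carrying the
# signed data, is passed through), then apply rewrite_status to its stdout.
gpg_wrapper() {
    rc=0
    out=$("${REAL_GPG:-gpg}" "$@") || rc=$?
    sub=0
    rewritten=$(printf '%s\n' "$out" | rewrite_status) || sub=$?
    printf '%s\n' "$rewritten"
    case $sub in
        0) return 0 ;;                                # expired key only: force success
        1) [ "$rc" -ne 0 ] || rc=1; return "$rc" ;;   # bad or revoked: never succeed
        *) return "$rc" ;;                            # unchanged: gpg's exit status stands
    esac
}

# When installed as a script and invoked by git, act as the wrapper.
if [ "$#" -gt 0 ]; then
    gpg_wrapper "$@"
    exit $?
fi
```

Because this widens what git accepts to signatures from expired keys, it only makes sense against a keyring pruned to the intended keys, as the comment's last paragraph suggests.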