View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001572 | Main CAcert Website | GPG/PGP | public | 2025-01-18 11:18 | 2025-01-18 11:18 |
Reporter | jandd | Assigned To | |||
Priority | normal | Severity | major | Reproducibility | always |
Status | new | Resolution | open | ||
Platform | Main CAcert Website | OS | N/A | OS Version | stable |
Summary | 0001572: Attempts to sign expired OpenPGP public keys are not blocked, leading to failures from the signer | ||||
Description | Neither client.pl nor the web application ensures that OpenPGP public keys that are sent to the signer are not expired. This causes issues. The signer uses gpg --sign-key to sign the public key and fails with a KEYEXPIRED error. There should be multiple safeguards: (1) expired public keys should not be accepted by the web application; (2) signatures for expired public keys should not be renewable in the web application; (3) client.pl should check for signature expiration before attempting to send the public key to the signer and should mark the public key as failed in the database to remove it from the signing queue. | ||||
Steps To Reproduce | Upload a public key with an expired self signature. Request the key to be signed. | ||||
Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | |||||
Date Modified | Username | Field | Change |
---|---|---|---|
2025-01-18 11:18 | jandd | New Issue |
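
One way to implement the pre-signing expiry check the report asks for, as an added example that is not CAcert's code: it parses GnuPG's colon-delimited key listing (the `--with-colons` output format) and flags expired primary keys before anything is queued for the signer. The sample listing, key IDs and function names are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed, abbreviated sample in GnuPG's --with-colons listing format.
# Key IDs, user IDs and dates are made up for this example.
SAMPLE_LISTING = """\
pub:e:4096:1:AAAAAAAAAAAAAAA1:1546300800:1577836800::-:::sc:
uid:e::::1546300800::::Expired Example <expired@example.org>:
pub:-:4096:1:BBBBBBBBBBBBBBB2:1546300800:4102444800::-:::scESC:
uid:-::::1546300800::::Valid Example <valid@example.org>:
pub:-:255:22:CCCCCCCCCCCCCCC3:1546300800:::-:::scESC:
"""


def parse_timestamp(value):
    """Field 7 holds epoch seconds, or ISO 8601 basic form (YYYYMMDDTHHMMSS)."""
    if "T" in value:
        parsed = datetime.strptime(value, "%Y%m%dT%H%M%S")
        return parsed.replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(value), tz=timezone.utc)


def primary_key_status(listing, now=None):
    """Map each primary key ID to 'expired' or 'ok'."""
    now = now or datetime.now(timezone.utc)
    status = {}
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] != "pub" or len(fields) < 7:
            continue  # only primary-key records carry the key's expiry
        validity, key_id, expires = fields[1], fields[4], fields[6]
        # Trust gpg's own verdict ('e'), but also compare the expiry date
        # ourselves: the listing may be older than the signing attempt.
        expired = validity == "e" or (
            expires != "" and parse_timestamp(expires) <= now
        )
        status[key_id] = "expired" if expired else "ok"
    return status


def signable_keys(listing, now=None):
    """Key IDs that may be queued for the signer."""
    return [k for k, s in primary_key_status(listing, now).items() if s == "ok"]


if __name__ == "__main__":
    for key_id, state in primary_key_status(SAMPLE_LISTING).items():
        print(key_id, state)
```

An empty expiry field means the key does not expire, so it is treated as signable.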