View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000184 | Main CAcert Website | GPG/PGP | public | 2006-03-29 16:29 | 2013-01-14 03:00 |
Reporter | JHC | Assigned To | Sourcerer | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Fixed in Version | 2007 | ||||
Summary | 0000184: No Resigning, when GPG-Key is signed | ||||
Description | After the CAcert certification of a PGP public key has expired, it is not possible to get a new certification when the uploaded public key contains the expired CAcert signature. There is no error message, only a valid confirmation e-mail and a valid PGP client certificate on the web site. But the key block shown doesn't contain the new signature, only the old expired one. After removing the old signature from the key before uploading, a new certification works fine. --- If a GPG public key contains an expired CAcert signature, the public key cannot be signed again. You do receive a confirmation e-mail and a valid PGP key is shown on the web site, but the key shown contains no new signature, only the old expired one. The error is reproducible and is definitely caused by this, because after removing the expired signature a new CAcert signing was possible without problems. | ||||
Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | |||||
|
You can export your public key with the following command. This should remove all signatures: gpg --export --armor --export-options export-minimal |
|
Yes, I know. But that isn't problem-solving; I think it is an unergonomic way to prevent it, and most of the users don't know it. They only copy their "normal" public key into the form field. Two things: First, not only is there NO error message, but there is also an e-mail confirmation, so they couldn't know it! On the other point, we have to think of the users not so deep inside this issue. So, for example, I don't know a way to export this minimal key out of the Windows client of the PGP Corp. And I know many people who are only users and have no idea what a "minimal public key" is, let alone how to get it. |
|
I would suggest the following patch, but I haven´t tested it yet: --- gpgcerts.php.org 2005-05-23 03:53:59.000000000 +0200 +++ gpgcerts.php 2006-08-08 00:51:15.000000000 +0200 @@ -23,6 +23,10 @@ $do = `gpg --homedir /root/.gnupg --import $row[csr] 2>&1`; + $do = `gpg --homedir /root/.gnupg --export $row[csr] --export-minimal 2>&1`; + $do = `gpg --homedir /root/.gnupg --batch --yes --delete-key $row[email] 2>&1`; + $do = `gpg --homedir /root/.gnupg --import $row[csr] 2>&1`; + $extras = ""; if($row['multiple'] == 1) $extras .= " echo \"y\";"; |
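Review bot: The added --export line has no effect on what the final --import reads: its output is assigned to $do and overwritten on the next line, never written back to the file in $row[csr], so the third added line re-imports the same unstripped key, expired CAcert signature included. The export line also passes $row[csr] (the file given to --import in the context line) where --export expects a key ID or user ID, and writes the flag as --export-minimal after the argument, while the note above gives it as --export-options export-minimal. Suggest importing once, exporting the key by fingerprint with --export-options export-minimal into a new file, deleting the key, and importing that file. Separately, $row[csr] and $row[email] are interpolated unquoted into backtick shell commands that operate on /root/.gnupg; wrap each in escapeshellarg(), and select the key for --delete-key by fingerprint rather than by e-mail address, which can match more than one key.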
|
In my case a minimal key also does not work. The output is the same as the input; only the gpg version is changed from 1.4.2 to 1.4.3. |
|
This problem should have been fixed for about a year now. Please test, and then close this bug. |
Date Modified | Username | Field | Change |
---|---|---|---|
2006-03-29 16:29 | JHC | New Issue | |
2006-03-29 21:37 | | Note Added: 0000134 | |
2006-03-29 23:19 | JHC | Note Added: 0000135 | |
2006-03-29 23:24 | JHC | Note Edited: 0000135 | |
2006-08-08 08:53 | Sourcerer | Note Added: 0000341 | |
2006-08-14 02:47 | duane | Status | new => needs work |
2006-08-14 02:47 | duane | Assigned To | => Sourcerer |
2006-09-20 17:34 | jnandreae | Note Added: 0000687 | |
2007-10-24 05:10 | evaldo | Relationship added | related to 0000460 |
2007-11-04 01:41 | Sourcerer | Status | needs work => solved? |
2007-11-04 01:41 | Sourcerer | Fixed in Version | => production |
2007-11-04 01:41 | Sourcerer | Resolution | open => fixed |
2007-11-04 01:41 | Sourcerer | Note Added: 0000944 | |
2009-04-09 13:19 | Sourcerer | Status | solved? => closed |
2013-01-14 03:00 | Werner Dworak | Fixed in Version | => 2007 |