View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000669||Main CAcert Website||GPG/PGP||public||2009-01-09 13:16||2014-04-06 18:05|
|Product Version||2009 Q1|
|Summary||0000669: PGP System fails to update keys it mistakenly things have expired... sorta|
|Description||My PGP key A1E732BB had an expiration date when I uploaded it years ago, but that expiration date was removed long before it expired.|
As such, the CACert PGP system has the "new" version of my key on one email/UID (firstname.lastname@example.org), and the "old" version on the other email/UID (email@example.com).
I see no way to upload a new copy of that key for that email, or to delete the key CACert has. Uploading the key as firstname.lastname@example.org didn't make it notice that email@example.com is the same key (and in fact the *primary* UID!).
|Tags||No tags attached.|
||We have changed the architecture, to make sure that every request is handled independently from any other request (or previously issued PGP signatures). So I doubt that the fact that you previously uploaded a key with an expiration date can still cause a problem here. Could you please send me the key to firstname.lastname@example.org and contact me on IRC (or some other method), so that we can take a look at it together?|
||Couldn't find you on irc, but I sent you an email with my key.|
You can upload your key through +GPG/PGP Keys -> New at any time to get it signed, whether you have uploaded it before, or not. CAcert does not mind, whether you have uploaded it before, or not.
If this does not work, then please file a bug or contact me.
The order of UIDs in a key is unfortunately not very well defined with GnuPG and different from time to time.
The +GPG/PGP Keys -> View page is always historic, and shows all the requests you made to upload a PGP key. Since there is no usable revocation mechanism for PGP key signatures, and since all new requests are handled independently of all previous requests, deleting a key would not have any effect.
I have to requests open for my key 9A61 50DE AB02 9ADD F4D7 35E3 5CA4 893E 69B9 FC4E to get signed. This key never had an expiration date set, however I got an error message that the key is expired and the key is not signed.
I'm connected to irc.cacert.org as Dakon, feel free to ping me anytime you need assistance.
||dakon: It seems one of the two subkeys (the RSA 2048 one) has a key expiration set. Thus I'm not sureI'm not quite sure how things have to be assessed. I wonder why it neither signs nor gives a clear rejection for this key.|
||I was able to re-upload my key and it accepted it as valid. Sorry for the very long delay. It would still be nice to delete the old entries though.|
|2009-01-09 13:16||jaymzh||New Issue|
|2009-01-09 16:10||Sourcerer||Note Added: 0001267|
|2009-01-09 17:30||jaymzh||Note Added: 0001268|
|2009-01-28 16:15||jaymzh||Note Added: 0001270|
|2009-01-28 16:16||jaymzh||Reproducibility||N/A => always|
|2010-08-03 11:38||Sourcerer||Note Added: 0001609|
|2012-12-20 07:48||Werner Dworak||Relationship added||related to 0000089|
|2012-12-20 08:32||Werner Dworak||Relationship added||related to 0001079|
|2014-03-20 23:09||dakon||Note Added: 0004664|
|2014-04-06 07:48||BenBE||Note Added: 0004695|
|2014-04-06 08:56||BenBE||Status||new => needs work|
|2014-04-06 08:56||BenBE||Product Version||=> 2009 Q1|
|2014-04-06 18:05||jaymzh||Note Added: 0004696|