View Issue Details

ID: 0000184
Project: Main CAcert Website
Category: GPG/PGP
View Status: public
Last Update: 2013-01-14 03:00
Reporter: JHC
Assigned To: Sourcerer
Status: closed
Resolution: fixed
Fixed in Version: 2007
Summary: 0000184: No Resigning, when GPG-Key is signed
Description: After the CAcert certification of a PGP public key has expired, it is not possible to get a new certification when the uploaded public key contains the expired CAcert signature.
There is no error message, only a valid confirmation email and a valid PGP client certificate on the web site. But the key block shown doesn't contain the new signature, only the old expired one.
After removing the old signature from the key before uploading, a new certification works fine.


If a GPG public key contains an expired CAcert signature, the public key cannot be signed again. You do receive a confirmation mail and the web site shows a valid PGP key, but the key shown contains no new signature, only the old expired one.
The error is reproducible and is definitely caused by this, because after removing the expired signature a new CAcert signing was possible without problems.
Tags: No tags attached.
Reviewed by
Test Instructions


related to 0000460 (closed, Sourcerer): Please disable GPG signing until we have a production-quality system



2006-03-29 21:37

manager   ~0000134

You can export your public key with the following command. This should remove all signatures:

gpg --export --armor --export-options export-minimal


2006-03-29 23:19

reporter   ~0000135

Last edited: 2006-03-29 23:24

Yes, I know. But that isn't problem-solving; I think it is an unergonomic way to prevent it, and most of the users don't know it. They only copy their "normal" public key into the form field.

Two things:
First, not only is there NO error message, but there is also an email confirmation, so they couldn't know it!
Second, we have to think of the users who are not so deep inside this issue. For example, I don't know a way to export this minimal key out of the Windows client of PGP Corp. And I know many people who are only users and have no idea what a "minimal public key" is, let alone how to get it.


2006-08-08 08:53

administrator   ~0000341

I would suggest the following patch, but I haven't tested it yet:

--- 2005-05-23 03:53:59.000000000 +0200
+++ gpgcerts.php 2006-08-08 00:51:15.000000000 +0200
@@ -23,6 +23,10 @@

                $do = `gpg --homedir /root/.gnupg --import $row[csr] 2>&1`;

+ $do = `gpg --homedir /root/.gnupg --export $row[csr] --export-minimal 2>&1`;
+ $do = `gpg --homedir /root/.gnupg --batch --yes --delete-key $row[email] 2>&1`;
+ $do = `gpg --homedir /root/.gnupg --import $row[csr] 2>&1`;
                $extras = "";
                if($row['multiple'] == 1)
                        $extras .= " echo \"y\";";
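
Review bot: The minimal export on the first added line never reaches the final import: its output is captured in `$do` and overwritten by the next assignment, and the last added line re-imports the same `$row[csr]` file, so the expired signature comes back after the delete. Write the exported key to a file and import that file instead. `--export` is also given `$row[csr]`, which the context line above passes to `--import` as the key file, while the delete line selects the key by `$row[email]`; and the option is written `--export-minimal` after the argument, whereas note ~0000134 gives it as `--export-options export-minimal`. Since `$row[csr]` and `$row[email]` are interpolated directly into backtick shell commands, wrap them in `escapeshellarg()`.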


2006-09-20 17:34

reporter   ~0000687

In my case a minimal key also does not work.
The output is the same as the input; only the gpg version is changed from 1.4.2 to 1.4.3


2007-11-04 01:41

administrator   ~0000944

This problem should have been fixed for about a year now. Please test, and then close this bug.

Issue History

Date Modified Username Field Change
2006-03-29 16:29 JHC New Issue
2006-03-29 21:37 bluec Note Added: 0000134
2006-03-29 23:19 JHC Note Added: 0000135
2006-03-29 23:24 JHC Note Edited: 0000135
2006-08-08 08:53 Sourcerer Note Added: 0000341
2006-08-14 02:47 duane Status new => needs work
2006-08-14 02:47 duane Assigned To => Sourcerer
2006-09-20 17:34 jnandreae Note Added: 0000687
2007-10-24 05:10 evaldo Relationship added related to 0000460
2007-11-04 01:41 Sourcerer Status needs work => solved?
2007-11-04 01:41 Sourcerer Fixed in Version => production
2007-11-04 01:41 Sourcerer Resolution open => fixed
2007-11-04 01:41 Sourcerer Note Added: 0000944
2009-04-09 13:19 Sourcerer Status solved? => closed
2013-01-14 03:00 Werner Dworak Fixed in Version => 2007