Page MenuHome GnuPG
Create Task
Maniphest T2917

--locate-key should re-fetch key via WKD if it is expired
Closed, ResolvedPublic
Actions

Description

If one tries to fetch a key over wkd and there already is an earlier expired
version of that key in the local keyring gnupg doesn't re-fetch the key. This
doesn't seem to make sense, because it'll mean an expired key can never be
updated over wkd.

To reproduce:

  • Import attached key, which is expired (a new version is provided over wkd).
  • Try to import:

gpg --auto-key-locate=wkd --locate-key [emailaddress]

It'll just show the expired key.

Details

Version
master

Revisions and Commits

rG GnuPG
rG0709f358cd13 gpg: Refresh expired keys originating from the WKD.
rG7f172404bfcf gpg: Refresh expired keys originating from the WKD.
rM GPGME
D463rM7bc5d3c7e41c Add ctx flag for auto-key-locate

Related Objects

Event Timeline

hanno added projects: gnupg, Bug Report.Jan 9 2017, 3:48 PM
hanno set Version to 2.1.17.
hanno added a subscriber: hanno.

940_root.asc7 KBDownload

werner added a subscriber: werner.Jan 10 2017, 5:30 PM

Good point.

werner added a project: gnupg (gpg22).Jan 10 2017, 5:30 PM
aheinecke added a subscriber: aheinecke.Jan 13 2017, 1:34 PM

For what it's worth i think WKD checks should be done even more regularly then
when they are explicitly triggered thorugh locate keys because we need to see
updates on key rollover / revocation of keys or uids. Something like the
parcimonie style auto-key-refesh that is currently planned.

But yes re fetching on locate-keys if the key / uid for key-locate is expired
would be a first step.

justus changed Version from 2.1.17 to master.Mar 2 2017, 3:28 PM
justus added a subscriber: justus.

Hum, there is something strange going on here:

% gpg --auto-key-locate wkd --locate-key root@leckerlecker
... no update...
% gpg --auto-key-locate wkd,local --locate-key root@leckerlecker
... no update...
% gpg --auto-key-locate clear,wkd,local --locate-key root@leckerlecker
... update!...

justus added a comment.Mar 2 2017, 4:24 PM

So I went over the code that does --locate-key. There, the available methods
are ordered, and if 'local' is not given, it is explicitly done first, unless
'nodefault' is given. This is one of the parts of GnuPG that I'm really afraid
to change ;)

werner added a comment.Mar 2 2017, 4:54 PM

That implicit local is for backward compatibility and to avoid network lookups
as much as possible (privacy leak). "clear" is required because auto-key-locate
is cumulative.

werner added a comment.Mar 2 2017, 4:55 PM

Shall I then thake this bug?

justus added a comment.Mar 9 2017, 3:22 PM

Yes, I think that would be good.

werner claimed this task.Mar 10 2017, 10:52 AM
justus moved this task from Backlog to Blocker on the gnupg (gpg22) board.May 24 2017, 1:18 PM
werner moved this task from Blocker to Backlog on the gnupg (gpg22) board.Aug 28 2017, 9:59 AM
werner merged a task: T3066: wks should automatically refresh keys.Nov 14 2017, 4:32 PM
werner added a subscriber: neal.
wiktor-k added a subscriber: wiktor-k.Jun 27 2018, 8:52 PM
werner raised the priority of this task from Normal to High.Jul 2 2018, 10:39 AM
neal removed a subscriber: neal.Jul 2 2018, 10:43 AM
aheinecke added a comment.Jul 2 2018, 11:13 AM

Maybe a first step would be a "KEYLIST_MODE_WKD" which sets "auto-key-locate clear,nodefault,wkd" (Would be nice for T3910 ) or just a ctx_flag "auto-key-locate" so that the caller can decide?

aheinecke added a revision: D463: Add ctx flag for auto-key-locate.Jul 3 2018, 6:02 PM
werner added a comment.Jul 6 2018, 9:08 AM

Actually the --locate-key command differs from the implicit use of locate key code when encrypting to a mail address.
After importing the expired key and running for example

fortune | ~/b/gnupg-2.2/g10/gpg --always-trust --no-encrypt-to -vaer  THATMAILADDRESS

The expired key is detected and a fresh copy is retrieved via WKD.

werner renamed this task from wkd discovery should re-fetch key if it is expired to --locate-key should re-fetch key via WKD if it is expired.Jul 6 2018, 9:09 AM
werner updated the task description. (Show Details)
werner removed a project: gnupg (gpg22).
werner edited projects, added gnupg (gpg22); removed gnupg.
aheinecke added a commit: rM7bc5d3c7e41c: Add ctx flag for auto-key-locate.Jul 9 2018, 10:58 AM
werner added a commit: rG7f172404bfcf: gpg: Refresh expired keys originating from the WKD..Aug 28 2018, 3:35 PM
werner added a commit: rG0709f358cd13: gpg: Refresh expired keys originating from the WKD..
werner closed this task as Resolved.Aug 28 2018, 3:42 PM

Done. To be released with 2.2.10.

FWIW: We check for an expired primary key and for expired encryption subkeys but not for other subkeys like authentication subkeys.

aheinecke added a comment.Aug 28 2018, 4:03 PM

Why the restriction to keyorg wkd ?

In my opinion "--locate-key" should behave like no local key was found if the only local key found is expired. And then use the auto-key-locate options as configured.

From a MUA standpoint the case "We only find an expired key" and "We do not find any key" are basically the same.

The problem for me is that I have very few keys with origin wkd initially in an existing key ring. And even for new keyrings WKD will not be set as origin for all the keys fetched through auto-key-retrieve and other sources even though it may additionally be available in WKD.

aheinecke added a comment.Aug 28 2018, 4:05 PM

Without KEYLIST_MODE_WKD I also can't implement the desired behavior in a MUA using GnuPG.

werner mentioned this in T4112: GnuPG 2.2.10 release.Aug 30 2018, 3:58 PM