I was extending expiry dates on my subkeys today and noticed something that looks like a bug in the keyserver.
I have 8 subkeys in total:
- 2 simple, ~4y old keys, genereated on the cli
- 3 keys generated on a smartcard, ~1y old
- 3 keys generated on the cli and uploaded to another smartcard, ~1y old
The 2 simple subkeys worked smoothly, without any issues. However, there seems to be an issue with the expiry dates of subkeys on the smart cards.
On pgp.mit.edu, everything seems to work ok: https://pgp.mit.edu/pks/lookup?op=vindex&search=0x7809D25D439171AC
On keyserver.ubuntu.com, the subkeys do show up but with an expiry date set in the past: https://keyserver.ubuntu.com/pks/lookup?search=mwasilewski%40gmx.com&fingerprint=on&op=index
On keys.gnupg.net they don't even show up, I'm guessing that's because the server thinks that they expired: http://keys.gnupg.net/pks/lookup?op=vindex&fingerprint=on&search=0x7809D25D439171AC
I purged my local keyring and recovered the public keys from a server and the expiry dates look alright:
$ gpg2 --delete-secret-and-public-keys email@example.com $ gpg2 --list-secret-keys --with-subkey-fingerprints $ gpg2 --list-keys $ gpg2 --keyserver keyserver.ubuntu.com --recv-keys 7809D25D439171AC gpg: key 7809D25D439171AC: public key "Michal Wasilewski (Personal Master Key) <firstname.lastname@example.org>" imported gpg: Total number processed: 1 gpg: imported: 1 $ gpg2 --list-keys /home/michal/.gnupg/pubring.kbx ------------------------------- pub rsa4096 2016-10-01 [SCE] 2441B1996BCCA0D495C280D97809D25D439171AC uid [ unknown] Michal Wasilewski (Personal Master Key) <email@example.com> sub rsa2048 2016-10-01 [S] [expires: 2022-09-16] sub rsa2048 2016-10-01 [E] [expires: 2022-09-16] sub rsa4096 2019-07-02 [A] [expires: 2022-09-16] sub rsa4096 2019-07-02 [E] [expires: 2022-09-16] sub rsa4096 2019-07-02 [S] [expires: 2022-09-16] sub rsa2048 2019-07-02 [S] [expires: 2022-09-16] sub rsa2048 2019-07-02 [E] [expires: 2022-09-16] sub rsa2048 2019-07-02 [A] [expires: 2022-09-16]
$ gpg2 --version gpg (GnuPG) 2.2.20 libgcrypt 1.8.5 Copyright (C) 2020 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: /home/michal/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 $ sudo dnf info gnupg2-2.2.20-2.fc32.x86_64 Last metadata expiration check: 2:25:54 ago on Wed 16 Sep 2020 10:33:58 AM CEST. Installed Packages Name : gnupg2 Version : 2.2.20 Release : 2.fc32 Architecture : x86_64 Size : 9.6 M Source : gnupg2-2.2.20-2.fc32.src.rpm Repository : @System From repo : updates Summary : Utility for secure communication and data storage URL : http://www.gnupg.org/ License : GPLv3+ Description : GnuPG is GNU's tool for secure communication and data storage. It can : be used to encrypt data and to create digital signatures. It includes : an advanced key management facility and is compliant with the proposed : OpenPGP Internet standard as described in RFC2440 and the S/MIME : standard as described by several RFCs. : : GnuPG 2.0 is a newer version of GnuPG with additional support for : S/MIME. It has a different design philosophy that splits : functionality up into several modules. The S/MIME and smartcard functionality : is provided by the gnupg2-smime package. $ cat /etc/*-release Fedora release 32 (Thirty Two) NAME=Fedora VERSION="32 (Workstation Edition)" ID=fedora VERSION_ID=32 VERSION_CODENAME="" PLATFORM_ID="platform:f32" PRETTY_NAME="Fedora 32 (Workstation Edition)" ANSI_COLOR="0;34" LOGO=fedora-logo-icon CPE_NAME="cpe:/o:fedoraproject:fedora:32" HOME_URL="https://fedoraproject.org/" DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f32/system-administrators-guide/" SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_BUGZILLA_PRODUCT="Fedora" REDHAT_BUGZILLA_PRODUCT_VERSION=32 REDHAT_SUPPORT_PRODUCT="Fedora" REDHAT_SUPPORT_PRODUCT_VERSION=32 PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy" VARIANT="Workstation Edition" VARIANT_ID=workstation Fedora release 32 (Thirty Two) Fedora release 32 (Thirty Two) $ uname -a Linux waw-desktop-1 5.8.7-200.fc32.x86_64 #1 SMP Mon Sep 7 15:26:10 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux