Keyserver presents the expiry date incorrectly
Open, Needs TriagePublic

Description

Hi,

I was extending expiry dates on my subkeys today and noticed something that looks like a bug in the keyserver.

I have 8 subkeys in total:

  • 2 simple, ~4y old keys, genereated on the cli
  • 3 keys generated on a smartcard, ~1y old
  • 3 keys generated on the cli and uploaded to another smartcard, ~1y old

The 2 simple subkeys worked smoothly, without any issues. However, there seems to be an issue with the expiry dates of subkeys on the smart cards.

On pgp.mit.edu, everything seems to work ok: https://pgp.mit.edu/pks/lookup?op=vindex&search=0x7809D25D439171AC

On keyserver.ubuntu.com, the subkeys do show up but with an expiry date set in the past: https://keyserver.ubuntu.com/pks/lookup?search=mwasilewski%40gmx.com&fingerprint=on&op=index

On keys.gnupg.net they don't even show up, I'm guessing that's because the server thinks that they expired: http://keys.gnupg.net/pks/lookup?op=vindex&fingerprint=on&search=0x7809D25D439171AC

I purged my local keyring and recovered the public keys from a server and the expiry dates look alright:

$ gpg2 --delete-secret-and-public-keys mwasilewski@gmx.com
$ gpg2 --list-secret-keys --with-subkey-fingerprints
$ gpg2 --list-keys
$ gpg2 --keyserver keyserver.ubuntu.com --recv-keys 7809D25D439171AC
gpg: key 7809D25D439171AC: public key "Michal Wasilewski (Personal Master Key) <mwasilewski@gmx.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
$ gpg2 --list-keys
/home/michal/.gnupg/pubring.kbx
-------------------------------
pub   rsa4096 2016-10-01 [SCE]
      2441B1996BCCA0D495C280D97809D25D439171AC
uid           [ unknown] Michal Wasilewski (Personal Master Key) <mwasilewski@gmx.com>
sub   rsa2048 2016-10-01 [S] [expires: 2022-09-16]
sub   rsa2048 2016-10-01 [E] [expires: 2022-09-16]
sub   rsa4096 2019-07-02 [A] [expires: 2022-09-16]
sub   rsa4096 2019-07-02 [E] [expires: 2022-09-16]
sub   rsa4096 2019-07-02 [S] [expires: 2022-09-16]
sub   rsa2048 2019-07-02 [S] [expires: 2022-09-16]
sub   rsa2048 2019-07-02 [E] [expires: 2022-09-16]
sub   rsa2048 2019-07-02 [A] [expires: 2022-09-16]

Version info:

$ gpg2 --version                                                                                                                                
gpg (GnuPG) 2.2.20
libgcrypt 1.8.5
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/michal/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
$ sudo dnf info gnupg2-2.2.20-2.fc32.x86_64
Last metadata expiration check: 2:25:54 ago on Wed 16 Sep 2020 10:33:58 AM CEST.
Installed Packages
Name         : gnupg2
Version      : 2.2.20
Release      : 2.fc32
Architecture : x86_64
Size         : 9.6 M
Source       : gnupg2-2.2.20-2.fc32.src.rpm
Repository   : @System
From repo    : updates
Summary      : Utility for secure communication and data storage
URL          : http://www.gnupg.org/
License      : GPLv3+
Description  : GnuPG is GNU's tool for secure communication and data storage.  It can
             : be used to encrypt data and to create digital signatures.  It includes
             : an advanced key management facility and is compliant with the proposed
             : OpenPGP Internet standard as described in RFC2440 and the S/MIME
             : standard as described by several RFCs.
             : 
             : GnuPG 2.0 is a newer version of GnuPG with additional support for
             : S/MIME.  It has a different design philosophy that splits
             : functionality up into several modules. The S/MIME and smartcard functionality
             : is provided by the gnupg2-smime package.
$ cat /etc/*-release            
Fedora release 32 (Thirty Two)
NAME=Fedora
VERSION="32 (Workstation Edition)"
ID=fedora
VERSION_ID=32
VERSION_CODENAME=""
PLATFORM_ID="platform:f32"
PRETTY_NAME="Fedora 32 (Workstation Edition)"
ANSI_COLOR="0;34"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:32"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f32/system-administrators-guide/"
SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=32
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=32
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Workstation Edition"
VARIANT_ID=workstation
Fedora release 32 (Thirty Two)
Fedora release 32 (Thirty Two)
$ uname -a               
Linux waw-desktop-1 5.8.7-200.fc32.x86_64 #1 SMP Mon Sep 7 15:26:10 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Georg3 created this task.Sep 17 2020, 10:35 AM
Georg3 created this object in space S1 Public.