Page MenuHome GnuPG
Create Task
Maniphest T6235

Problem editing Expiration Time
Open, NormalPublic
Actions

Description

When editing the Expiration Time of a key that has both a Direct Key Signature packet and a User ID Binding Signature, GnuPG doesn't work as I'd expect.

For such keys, gpg --edit-key -> expire only changes the Expiration Time value on the User ID Binding Signature, but leaves the Expiration Time on the Direct Key Signature unchanged.

This leaves the key in an internally inconsistent state, which seems bad to me.
It's additionally confusing that when displaying the key, GnuPG prints the (unchanged) Expiration Time (from the Direct Key Signature packet). This makes the key-edit operation appear like a no-op.

I've attached a sample key to reproduce the problem:

alice.priv2 KBDownload

To reproduce:

$ gpg --import alice.priv
gpg: key 6045BF99496B42A9: public key "<alice@example.org>" imported
gpg: key 6045BF99496B42A9: secret key imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1

$ gpg --edit-key alice
gpg (GnuPG) 2.3.7; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  ed25519/6045BF99496B42A9
     created: 2022-10-10  expires: 2025-10-10  usage: C
     trust: unknown       validity: unknown
ssb  ed25519/9B6A3622908344C8
     created: 2022-10-10  expires: 2025-10-10  usage: A
ssb  ed25519/A4118C71E2E75989
     created: 2022-10-10  expires: 2025-10-10  usage: S
ssb  cv25519/A76F88DDE7CCAC00
     created: 2022-10-10  expires: 2025-10-10  usage: E
[ unknown] (1). <alice@example.org>

gpg> expire
Changing expiration time for the primary key.
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 10y
Key expires at Thu 07 Oct 2032 06:04:34 PM CEST
Is this correct? (y/N) y

sec  ed25519/6045BF99496B42A9
     created: 2022-10-10  expires: 2025-10-10  usage: C
     trust: unknown       validity: unknown
ssb  ed25519/9B6A3622908344C8
     created: 2022-10-10  expires: 2025-10-10  usage: A
ssb  ed25519/A4118C71E2E75989
     created: 2022-10-10  expires: 2025-10-10  usage: S
ssb  cv25519/A76F88DDE7CCAC00
     created: 2022-10-10  expires: 2025-10-10  usage: E
[ unknown] (1). <alice@example.org>

Note that the "expires" value at the end of the edit process appears unchanged.

Thanks,
Heiko

Details

Version
gpg 2.3.7

Event Timeline

heiko created this task.Oct 10 2022, 6:21 PM
werner added a subscriber: werner.Oct 11 2022, 10:28 AM

Direct key signatures are rarely used. IIRC, we implemented that the same way PGP did it.

May I turn this report into a feature request to

  • Add a feature to edit a Direct Key Signature
  • Show that the expiration time comes from such a signature.
heiko added a comment.Oct 11 2022, 10:58 AM

Thanks for looking into this!

My main concern is that it's confusing to users (and possibly dangerous) if there are multiple values for Expiration Time in a key, but GnuPG implicitly edits only a subset of those.

Seems to me that the safest approach would be to always adjust all Expiration Time values in unison when a user performs gpg --edit-key -> expire.

I'm unsure if your suggestion is to implement that, or if you're considering adding a separate command to specifically edit metadata in a Direct Key Signature?

werner added a comment.Oct 11 2022, 3:07 PM

My suggestion is to clearly state that there is a direct Key Signature with an expiration date. Another feature would be to add a separate command to modify Direct Key Signatures. However, the latter has the problem that it help with proliferation of such signatures and other OpenPGP implementation will run into other problems. Thus for the whole ecosystem such an option is might not be a good idea.

canti59 added a commit: rG8046fcac63db: po: Update Czech translation..Oct 14 2022, 2:10 AM
gniibe removed a commit: rG8046fcac63db: po: Update Czech translation..Oct 14 2022, 2:50 AM
heiko added a comment.Oct 14 2022, 1:39 PM

It seems to me there are two separate concerns here:

  1. how can GnuPG handle changing of expiration time on this type of key in a robust manner, and
  2. should GnuPG inform its users that this type of key is discouraged by GnuPG.

On 1): I think it is important that GnuPG's output of gpg --edit-key -> expire is internally consistent. Producing keys with contradictory Expiration Time values seems obviously wrong to me.
I think the most straightforward way to do is to update all occurrences of Expiration Time on keys.

An alternative approach might be that GnuPG could normalize such a key, by removing the Direct Key Signature. I suppose this would necessitate folding whatever metadata is on that Signature into the primary User ID binding signature. That seems both harder and possibly more error prone. I don't prefer this approach.

Independent of this, regarding 2): GnuPG could of course choose to print warning messages while editing this type of key. The message could explain why GnuPG considers this type of Packet structure suboptimal.

However, I think it would be a disservice to GnuPG's users and the entire OpenPGP ecosystem if GnuPG's edit-key function continues to produce keys with internally inconsistent Expiration Times values.

werner edited projects, added Feature Request, gnupg (gpg23); removed Bug Report.Oct 20 2022, 10:09 PM
werner triaged this task as Normal priority.Oct 24 2022, 7:19 AM
werner added a project: gnupg24.Dec 13 2022, 11:21 AM
werner removed a project: gnupg (gpg23).Jan 19 2023, 4:44 PM