Page MenuHome GnuPG

gpg --quick-set-expire fails for V5 subkeys
Testing, NormalPublic

Description

I created a Curve 448 key and then tried to remove the expiration date from the encryption subkey.

$ gpg --version
gpg (GnuPG) 2.4.6-beta4
libgcrypt 1.11.0
[...]

$ gpg -k 448
pub   ed448 2024-09-23 [SC] [expires: 2027-09-23]
      1DE1960C29F97E6762C4EA341820DAAC045579921E0F30567354CCC69FD42A1D
uid           [ultimate] Curve 448 <curve448@example.net>
sub   cv448 2024-09-23 [E] [expires: 2027-09-23]

$ gpg -k --with-colons 448
pub:u:448:22:1DE1960C29F97E67:1727082581:::u:::scESC:::::ed448:8::0:
fpr:::::::::1DE1960C29F97E6762C4EA341820DAAC045579921E0F30567354CCC69FD42A1D:
uid:u::::1727165853::7170574583A99E1E74380AAB96448841A5253C33::Curve 448 <curve448@example.net>::::::::::0:
sub:u:448:18:C4B4474450015DC3:1727082581:1821693600:::::e:::::cv448:8:
fpr:::::::::C4B4474450015DC3F84033F2C4A264D932E7801AA01EA6E53BCB685CCDEEB2A1:

$ gpg --quick-set-expire 1DE1960C29F97E6762C4EA341820DAAC045579921E0F30567354CCC69FD42A1D never C4B4474450015DC3F84033F2C4A264D932E7801AA01EA6E53BCB685CCDEEB2A1
gpg: subkey "C4B4474450015DC3F84033F2C4A264D932E7801AA01EA6E53BCB685CCDEEB2A1" not found

Related Objects

Event Timeline

Possible fix:

From 24e8191ab5de7245cf6063be778b6d3ceec4414b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de>
Date: Tue, 24 Sep 2024 10:44:31 +0200
Subject: [PATCH] gpg: Fix --quick-set-expire for V5 subkey fingerprints

* g10/keyedit.c (keyedit_quick_set_expire): Use actual size of
fingerprint.
--

The size of the fingerprints is either 20 (V4) or 32 (V5). Using the
actual size of the fingerprints fixes the lookup of subkeys with V5
fingerprint.

GnuPG-bug-id: 7298
---
 g10/keyedit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/g10/keyedit.c b/g10/keyedit.c
index 45a1a2414..0b59e142c 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -3526,7 +3526,7 @@ keyedit_quick_set_expire (ctrl_t ctrl, const char *fpr, const char *expirestr,
                   && !pk->flags.revoked )
                 {
                   fingerprint_from_pk (pk, fprbin, &fprlen);
-                  if (fprlen == 20 && !memcmp (fprbin, desc.u.fpr, 20))
+                  if (fprlen == desc.fprlen && !memcmp (fprbin, desc.u.fpr, fprlen))
                     {
                       node->flag |= NODFLG_SELKEY;
                       any = 1;
-- 
2.43.1

Please go ahead and apply to master. I'll take then care of backporting.

werner triaged this task as Normal priority.Sep 24 2024, 2:24 PM
werner changed the task status from Open to Testing.Oct 29 2024, 1:12 PM
werner moved this task from Backlog to QA on the gnupg26 board.

Backported to 2.4 to go into 2.4.6