Page MenuHome GnuPG
Create Task
Maniphest T7298

gpg --quick-set-expire fails for V5 subkeys
Testing, NormalPublic
Actions

Description

I created a Curve 448 key and then tried to remove the expiration date from the encryption subkey.

$ gpg --version
gpg (GnuPG) 2.4.6-beta4
libgcrypt 1.11.0
[...]

$ gpg -k 448
pub   ed448 2024-09-23 [SC] [expires: 2027-09-23]
      1DE1960C29F97E6762C4EA341820DAAC045579921E0F30567354CCC69FD42A1D
uid           [ultimate] Curve 448 <curve448@example.net>
sub   cv448 2024-09-23 [E] [expires: 2027-09-23]

$ gpg -k --with-colons 448
pub:u:448:22:1DE1960C29F97E67:1727082581:::u:::scESC:::::ed448:8::0:
fpr:::::::::1DE1960C29F97E6762C4EA341820DAAC045579921E0F30567354CCC69FD42A1D:
uid:u::::1727165853::7170574583A99E1E74380AAB96448841A5253C33::Curve 448 <curve448@example.net>::::::::::0:
sub:u:448:18:C4B4474450015DC3:1727082581:1821693600:::::e:::::cv448:8:
fpr:::::::::C4B4474450015DC3F84033F2C4A264D932E7801AA01EA6E53BCB685CCDEEB2A1:

$ gpg --quick-set-expire 1DE1960C29F97E6762C4EA341820DAAC045579921E0F30567354CCC69FD42A1D never C4B4474450015DC3F84033F2C4A264D932E7801AA01EA6E53BCB685CCDEEB2A1
gpg: subkey "C4B4474450015DC3F84033F2C4A264D932E7801AA01EA6E53BCB685CCDEEB2A1" not found

Revisions and Commits

rG GnuPG
rGf355f3f38182 gpg: Fix --quick-set-expire for V5 subkey fingerprints
rG79298e87d843 gpg: Fix --quick-set-expire for V5 subkey fingerprints

Event Timeline

ikloecker created this task.Sep 24 2024, 10:42 AM

Possible fix:

From 24e8191ab5de7245cf6063be778b6d3ceec4414b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de>
Date: Tue, 24 Sep 2024 10:44:31 +0200
Subject: [PATCH] gpg: Fix --quick-set-expire for V5 subkey fingerprints

* g10/keyedit.c (keyedit_quick_set_expire): Use actual size of
fingerprint.
--

The size of the fingerprints is either 20 (V4) or 32 (V5). Using the
actual size of the fingerprints fixes the lookup of subkeys with V5
fingerprint.

GnuPG-bug-id: 7298
---
 g10/keyedit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/g10/keyedit.c b/g10/keyedit.c
index 45a1a2414..0b59e142c 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -3526,7 +3526,7 @@ keyedit_quick_set_expire (ctrl_t ctrl, const char *fpr, const char *expirestr,
                   && !pk->flags.revoked )
                 {
                   fingerprint_from_pk (pk, fprbin, &fprlen);
-                  if (fprlen == 20 && !memcmp (fprbin, desc.u.fpr, 20))
+                  if (fprlen == desc.fprlen && !memcmp (fprbin, desc.u.fpr, fprlen))
                     {
                       node->flag |= NODFLG_SELKEY;
                       any = 1;
-- 
2.43.1
werner claimed this task.Sep 24 2024, 2:20 PM
werner edited projects, added gnupg26, gnupg24; removed gnupg.
werner added a comment.Sep 24 2024, 2:23 PM

Please go ahead and apply to master. I'll take then care of backporting.

werner triaged this task as Normal priority.Sep 24 2024, 2:24 PM
ikloecker added a commit: rG79298e87d843: gpg: Fix --quick-set-expire for V5 subkey fingerprints.Sep 24 2024, 11:20 PM
werner added a commit: rGf355f3f38182: gpg: Fix --quick-set-expire for V5 subkey fingerprints.Tue, Oct 29, 1:10 PM
werner changed the task status from Open to Testing.Tue, Oct 29, 1:12 PM
werner moved this task from Backlog to QA on the gnupg26 board.

Backported to 2.4 to go into 2.4.6

werner moved this task from Backlog to QA on the gnupg24 board.Tue, Oct 29, 1:12 PM