[Rpm-maint] [rpm-software-management/rpm] Installation / verification should not pass if the (sub)key(s) has been revoked or expired (#1598)
Dmitry Antipov
notifications at github.com
Wed Mar 31 15:15:10 UTC 2021
Well, it seems it would be helpful to have some advice here. In my local setup, the packet analysis code detects the following,
in that order:
```
PGPTAG_PUBLIC_KEY ; [1] public key id saved
PGPTAG_SIGNATURE
<unknown 33>
PGPSUBTYPE_SIG_CREATE_TIME
PGPSUBTYPE_REVOKE_REASON ; [2] revoke reason
PGPSUBTYPE_ISSUER_KEYID ; [3] key id match saved at [1]
PGPTAG_USER_ID
PGPTAG_SIGNATURE
<unknown 33>
PGPSUBTYPE_SIG_CREATE_TIME
PGPSUBTYPE_KEY_FLAGS
PGPSUBTYPE_KEY_EXPIRE_TIME
PGPSUBTYPE_PREFER_SYMKEY
PGPSUBTYPE_PREFER_HASH
PGPSUBTYPE_PREFER_COMPRESS
PGPSUBTYPE_FEATURES
PGPSUBTYPE_KEYSERVER_PREFERS
PGPSUBTYPE_ISSUER_KEYID ; key id match saved at [1]
PGPTAG_USER_ID
PGPTAG_SIGNATURE
<unknown 33>
PGPSUBTYPE_SIG_CREATE_TIME
PGPSUBTYPE_KEY_FLAGS
PGPSUBTYPE_KEY_EXPIRE_TIME
PGPSUBTYPE_PREFER_SYMKEY
PGPSUBTYPE_PREFER_HASH
PGPSUBTYPE_PREFER_COMPRESS
PGPSUBTYPE_FEATURES
PGPSUBTYPE_KEYSERVER_PREFERS
PGPSUBTYPE_ISSUER_KEYID ; key id match saved at [1]
PGPTAG_PUBLIC_SUBKEY ; subkey saved for later analysis
PGPTAG_SIGNATURE
<unknown 33>
PGPSUBTYPE_SIG_CREATE_TIME
PGPSUBTYPE_KEY_FLAGS
PGPSUBTYPE_KEY_EXPIRE_TIME
PGPSUBTYPE_ISSUER_KEYID ; key id match saved at [1]
PGPSUBTYPE_EMBEDDED_SIG
PGPTAG_SIGNATURE
<unknown 33>
PGPSUBTYPE_SIG_CREATE_TIME
PGPSUBTYPE_SIGNER_USERID
PGPSUBTYPE_ISSUER_KEYID ; key id match saved at [1]
```
So, if [2] is detected and key id at [3] matches key id saved at [1], can I assume that the key (and so all subkeys) is revoked?
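An added example, not part of the original message and not rpm's own code: a minimal v4 signature-packet scanner that records the signature type next to the revoke-reason and issuer key id subpackets from the listing above. In RFC 4880 the reason-for-revocation subpacket also occurs in subkey (0x28) and certification (0x30) revocations, so the check below keys on signature type 0x20; the struct, the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Values from RFC 4880; struct and function names are hypothetical. */
enum { SIG_KEY_REVOKE = 0x20, SIG_SUBKEY_REVOKE = 0x28, SUB_ISSUER_KEYID = 16, SUB_REVOKE_REASON = 29 };
struct siginfo { uint8_t sigtype; int has_reason, has_issuer; uint8_t issuer[8]; };
/* Constructed sample: type 0x20, hashed creation time + revoke reason, unhashed issuer key id. */
const uint8_t sample_sig[] = { 4,0x20,1,8, 0,9, 5,2,0x60,0x64,0x92,0x6e, 2,29,0, 0,10, 9,16,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88 };

/* Walk one subpacket area; 0 on success, -1 if malformed. */
static int scan_area(const uint8_t *p, size_t len, struct siginfo *si)
{
    while (len > 0) {
        size_t plen = p[0], hdr = 1;
        if (p[0] >= 192 && p[0] < 255) {          /* two-octet length */
            if (len < 2) return -1;
            plen = ((size_t)(p[0] - 192) << 8) + p[1] + 192; hdr = 2;
        } else if (p[0] == 255) {                 /* five-octet length */
            if (len < 5) return -1;
            plen = ((size_t)p[1] << 24) | ((size_t)p[2] << 16) | ((size_t)p[3] << 8) | p[4]; hdr = 5;
        }
        if (plen == 0 || plen > len - hdr) return -1;
        uint8_t type = p[hdr] & 0x7f;             /* drop the critical bit */
        if (type == SUB_REVOKE_REASON) si->has_reason = 1;
        if (type == SUB_ISSUER_KEYID && plen == 9) { si->has_issuer = 1; memcpy(si->issuer, p + hdr + 1, 8); }
        p += hdr + plen; len -= hdr + plen;
    }
    return 0;
}

/* Parse a v4 signature packet body (packet header already stripped). */
int sig_parse(const uint8_t *b, size_t len, struct siginfo *si)
{
    memset(si, 0, sizeof(*si));
    if (len < 8 || b[0] != 4) return -1;
    size_t hlen = ((size_t)b[4] << 8) | b[5];     /* hashed area length */
    if (hlen > len - 8) return -1;
    size_t ulen = ((size_t)b[6 + hlen] << 8) | b[7 + hlen];
    if (ulen > len - 8 - hlen) return -1;
    si->sigtype = b[1];
    return (scan_area(b + 6, hlen, si) || scan_area(b + 8 + hlen, ulen, si)) ? -1 : 0;
}

/* Candidate primary-key revocation: type 0x20 issued by the primary key.
   The signature itself must still verify before the result is trusted. */
int is_primary_key_revocation(const struct siginfo *si, const uint8_t keyid[8])
{
    return si->sigtype == SIG_KEY_REVOKE && si->has_issuer && memcmp(si->issuer, keyid, 8) == 0;
}
```

The issuer key id sits in the unhashed area in this sample, so it is only a lookup hint until the signature has been verified with the primary key.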