Public bug reported: Binary package hint: seahorse-plugins
When verifying a detached signature that GnuPG reports as good, but one that was signed with a key that has since expired, seahorse-tool reports that the signature is invalid. Example files for testing: http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.1.tar.gz http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.1.tar.gz.sig seahorse-tool --verify mediawiki-1.15.1.tar.gz.sig "FILENAME: Invalid Signature, Signed by NAME <em...@address.com> expired on DATE" (See attached screenshot of libnotify message) 1. The signature should be treated as good, but a note should mention that the key has expired. See the following message example that GPG gives. gpg --verify mediawiki-1.15.1.tar.gz.sig gpg: Signature made Mon 13 Jul 2009 11:11:00 AM PDT using DSA key ID E8A3FEC4 gpg: Good signature from "Tim Starling <tstarl...@wikimedia.org>" gpg: Note: This key has expired! Primary key fingerprint: D7D6 767D 135A 514B EB86 E9BA 7568 2B08 E8A3 FEC4 2. The date that seahorse-tool displays appears to be the signature date, and NOT the key expiration date (see screenshot). This is misleading. In the above example, the file was signed on "Mon 13 Jul 2009 11:11:00 AM PDT", but the key used to generate the signature expired on 2009-07-23. They appear to be swapped. gpg --list-key E8A3FEC4 pub 1024D/E8A3FEC4 2008-07-23 [expired: 2009-07-23] uid Tim Starling <tstarl...@wikimedia.org> An appropriately proposed message might look like the following: "FILENAME: Good Signature, Signed by NAME <em...@address.com> with Key ID XXXXXXX on SIGNATURE_DATE. Note: Key expired on KEY_EXPIRATION_DATE" ** Affects: seahorse-plugins (Ubuntu) Importance: Undecided Status: New ** Tags: seahorse -- seahorse-tool reports Invalid Signature and wrong date for expired keys https://bugs.launchpad.net/bugs/522368 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to seahorse-plugins in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs