Validate key expiration time #7

Closed
slawekjaranowski opened this issue Dec 24, 2020 · 5 comments · Fixed by #22
Labels: enhancement (New feature or request.)

Comments

@slawekjaranowski
Member

Key expiration time should be checked, and when the key has expired, signing should fail.

@slawekjaranowski slawekjaranowski added the enhancement New feature or request. label Dec 24, 2020
@mkarg
Contributor

mkarg commented Dec 29, 2020

Should it really fail or should it just log a warning? Possibly a philosophical question.

@mkarg
Contributor

mkarg commented Dec 29, 2020

I am neither a GPG nor Bouncy Castle expert, so I checked the API and it seems only public keys have an expiration date (secretKey.getPublicKey().getValidDays())?

@slawekjaranowski
Member Author

IMHO for an expired key we should break and report the cause with a reason.
gpg does the same (but the reason is shown only in verbose mode):

```
gpg -v --armo --sign -u B09391374A115DE2
gpg: Note: signature key B09391374A115DE2 expired Wed Dec 23 08:29:20 2020 CET
gpg: skipped "B09391374A115DE2": Unusable secret key
gpg: signing failed: Unusable secret key
```

@mkarg
Contributor

mkarg commented Dec 30, 2020

Agreed. Do you know how to ask Bouncy Castle for the expiration date? I just cannot find that in the API docs. :-(

slawekjaranowski added a commit that referenced this issue Dec 30, 2020
@slawekjaranowski
Member Author

It is not easy, I know.

My recipe: add a test and, in debug mode, look at the loaded PGP object, and look at the Bouncy Castle source.

It will also be useful to look at the PGP packets with:

```
gpg --list-packets src/test/resources/priv-expired-key-no-pass.asc
```

I will try to do it this evening.

slawekjaranowski added a commit that referenced this issue Dec 30, 2020
add expired key for testing #7
@slawekjaranowski slawekjaranowski self-assigned this Dec 30, 2020
slawekjaranowski added a commit that referenced this issue Dec 30, 2020
slawekjaranowski added a commit that referenced this issue Dec 30, 2020
slawekjaranowski added a commit that referenced this issue Dec 30, 2020
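
Added example, not part of the thread and not the project's own code: one way to make signing fail on an expired key with Bouncy Castle, using `PGPPublicKey.getCreationTime()` and `PGPPublicKey.getValidSeconds()`, where a validity of 0 means the key never expires. The class name, method names and the values in `main` are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Optional;

import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;

/** Hypothetical helper: refuse to sign with an expired key. */
public final class KeyExpirationCheck {

    /** Expiration instant, or empty when validSeconds is 0 (key never expires). */
    static Optional<Instant> expiresAt(Instant created, long validSeconds) {
        return validSeconds == 0
                ? Optional.empty()
                : Optional.of(created.plus(Duration.ofSeconds(validSeconds)));
    }

    /**
     * Throws when the key passed in (primary key or signing subkey) has expired.
     * The expiration is stored with the public part, so it is read from there.
     */
    static void requireNotExpired(PGPSecretKey secretKey, Instant now) {
        PGPPublicKey pub = secretKey.getPublicKey();
        Optional<Instant> expiry =
                expiresAt(pub.getCreationTime().toInstant(), pub.getValidSeconds());
        if (expiry.isPresent() && !now.isBefore(expiry.get())) {
            // Report the reason, as gpg does in verbose mode.
            throw new IllegalStateException(String.format(
                    "Signing key %016X expired %s", pub.getKeyID(), expiry.get()));
        }
    }

    public static void main(String[] args) {
        // Constructed values, not taken from a real key.
        Instant created = Instant.parse("2020-12-22T07:29:20Z");
        System.out.println("one day validity: " + expiresAt(created, 86_400));
        System.out.println("zero validity:    " + expiresAt(created, 0));
    }
}
```

Calling `requireNotExpired(secretKey, Instant.now())` before building the signature turns an expired key into a hard failure with the expiration time in the message, rather than a warning.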