Package: signing-party Version: 1.1.3-1 Severity: wishlist Tags: patch
pgpring lists expired signatures in its output without indicating that they have expired. If the pgpring output is fed to keyanalyze, the MSD is computed incorrectly, because expired signatures are counted as valid. The attached patch: 1) adds the expiration date (if present) to keys 2) adds the generation date and (if present) the expiration date to signatures 3) adds a command-line option -e to exclude expired signatures from the output 4) adds a command-line option -E to exclude expired keys from the output -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages signing-party depends on: ii gnupg 1.4.10-4 GNU privacy guard - a free PGP rep ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib ii libclass-methodmaker-perl 2.15-2 Perl module for creating generic m ii libgnupg-interface-perl 0.42-3 Perl interface to GnuPG ii libmailtools-perl 2.06-1 Manipulate email in perl programs ii libmime-tools-perl 5.428-1 Perl5 modules for MIME-compliant m ii libterm-readkey-perl 2.30-4 A perl module for simple terminal ii libtext-template-perl 1.45-1 Text::Template perl module ii perl 5.10.1-15 Larry Wall's Practical Extraction ii qprint 1.0.dfsg.2-2 encoder and decoder for quoted-pri Versions of packages signing-party recommends: ii libgd-gd2-noxpm-perl 1:2.39-2+b1 Perl module wrapper for libgd - gd ii libpaper-utils 1.1.24 library for handling paper charact ii libtext-iconv-perl 1.7-2 converts between character sets in ii postfix [mail-transport-agen 2.7.1-1 High-performance mail transport ag ii whiptail 0.52.11-1 Displays user-friendly dialog boxe Versions of packages signing-party suggests: pn imagemagick | graphicsmagick- <none> (no description available) ii mutt 1.5.20-9 text-based mailreader supporting M pn texlive-latex-recommended <none> 
(no description available) pn wipe <none> (no description available) -- no debconf information
diff -pru signing-party-1.1.3.orig/keyanalyze/pgpring/pgplib.h signing-party-1.1.3/keyanalyze/pgpring/pgplib.h --- signing-party-1.1.3.orig/keyanalyze/pgpring/pgplib.h 2010-02-11 19:26:31.000000000 +0100 +++ signing-party-1.1.3/keyanalyze/pgpring/pgplib.h 2010-11-04 10:11:18.000000000 +0100 @@ -40,12 +40,17 @@ #define KEYFLAG_ABILITIES (KEYFLAG_CANSIGN|KEYFLAG_CANENCRYPT|KEYFLAG_PREFER_ENCRYPTION|KEYFLAG_PREFER_SIGNING) +#define SIGFLAG_EXPIRED (1 << 8) + typedef struct pgp_signature { struct pgp_signature *next; unsigned char sigtype; unsigned long sid1; unsigned long sid2; + int flags; + time_t gen_time; + time_t exp_time; } pgp_sig_t; @@ -56,6 +61,7 @@ typedef struct pgp_keyinfo int flags; short keylen; time_t gen_time; + time_t exp_time; int numalg; const char *algorithm; struct pgp_keyinfo *parent; diff -pru signing-party-1.1.3.orig/keyanalyze/pgpring/pgppubring.c signing-party-1.1.3/keyanalyze/pgpring/pgppubring.c --- signing-party-1.1.3.orig/keyanalyze/pgpring/pgppubring.c 2010-02-11 19:26:31.000000000 +0100 +++ signing-party-1.1.3/keyanalyze/pgpring/pgppubring.c 2010-11-12 10:15:33.000000000 +0100 @@ -64,8 +64,9 @@ extern int optind; #endif -static short dump_signatures = 0; - +static short dump_signatures = 0; +static short exclude_exp_sigs = 0; +static short exclude_exp_keys = 0; static void pgpring_find_candidates (char *ringfile, const char *hints[], int nhints); static void pgpring_dump_keyblock (pgp_key_t *p); @@ -83,7 +84,7 @@ int main (int argc, char * const argv[]) char pgppath[_POSIX_PATH_MAX]; char kring[_POSIX_PATH_MAX]; - while ((c = getopt (argc, argv, "25sk:S")) != EOF) + while ((c = getopt (argc, argv, "eE25sk:S")) != EOF) { switch (c) { @@ -92,7 +93,16 @@ int main (int argc, char * const argv[]) dump_signatures = 1; break; } - + case 'e': + { + exclude_exp_sigs = 1; + break; + } + case 'E': + { + exclude_exp_keys = 1; + break; + } case 'k': { _kring = optarg; 
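Review bot: The new pgp_sig_t members `flags`, `gen_time` and `exp_time` are assigned only on some parsing paths in this patch (the pgp2 signature parser sets `gen_time` alone; the pgp3 parser sets `exp_time` and SIGFLAG_EXPIRED only when a validity period is present), while pgpring_dump_signatures later tests `sig->exp_time` and `sig->flags & SIGFLAG_EXPIRED` on every signature. That is only correct if the allocator behind these structs zero-fills them; pgp_new_sig is not in the diff, so this should be confirmed, or the three fields cleared explicitly where a signature is allocated. SIGFLAG_EXPIRED also lands in the header without a word on its scope; a comment such as `/* SIGFLAG_*: bits of pgp_sig_t.flags, separate from KEYFLAG_* on pgp_key_t */` above the define would stop readers from combining the two flag sets.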
@@ -173,8 +183,12 @@ static pgp_key_t *pgp_parse_pgp2_key (un for (i = 0; i < 2; i++) exp_days = (exp_days << 8) + buff[j++]; - if (exp_days && time (NULL) > gen_time + exp_days * 24 * 3600) - p->flags |= KEYFLAG_EXPIRED; + if (exp_days) + { + p->exp_time = gen_time + exp_days * 24 * 3600; + if (time (NULL) > p->exp_time) + p->flags |= KEYFLAG_EXPIRED; + } alg = buff[j++]; @@ -359,9 +373,10 @@ static int pgp_parse_pgp2_sig (unsigned if (s) { - s->sigtype = sigtype; - s->sid1 = signerid1; - s->sid2 = signerid2; + s->sigtype = sigtype; + s->sid1 = signerid1; + s->sid2 = signerid2; + s->gen_time = sig_gen_time; } return 0; @@ -454,6 +469,9 @@ static int pgp_parse_pgp3_sig (unsigned key_validity = 0; for (i = 0; i < 4; i++) key_validity = (key_validity << 8) + buff[j++]; + if (key_validity > 0) + p->exp_time = p->gen_time + key_validity; + break; } case 16: /* issuer key ID */ @@ -503,11 +521,19 @@ static int pgp_parse_pgp3_sig (unsigned s->sigtype = sigtype; s->sid1 = signerid1; s->sid2 = signerid2; + if (sig_gen_time > 0) + { + s->gen_time = sig_gen_time; + if (validity > 0) + { + s->exp_time = sig_gen_time + validity; + if (time (NULL) > s->exp_time) + s->flags |= SIGFLAG_EXPIRED; + } + } } - return 0; - } 
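Review bot: `p->exp_time = gen_time + exp_days * 24 * 3600;` does the multiplication before the value is widened to time_t; exp_days is assembled from two bytes, so it can reach 65535, and if it is declared as int or narrower (its declaration is outside the hunk) the product overflows int for any exp_days above 24855, which is undefined behaviour. The old comparison had the same arithmetic, but the result is now stored and printed, so a wrong value becomes visible output rather than a silently wrong flag. Writing `p->exp_time = gen_time + (time_t) exp_days * 24 * 3600;` keeps the arithmetic in time_t. pgp_parse_pgp2_key starts and ends outside the hunk.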
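Review bot: `p->exp_time = p->gen_time + key_validity;` is executed inside signature parsing for any signature that carries a Key Expiration Time subpacket, and nothing in the hunk restricts it to the key's own self-signature; if the caller runs every signature over the key through this path, a type-9 subpacket in a third-party certification would overwrite the key's recorded expiration. The hunk also records the date but does not touch KEYFLAG_EXPIRED, so whether -E and the printed date agree depends on code outside the hunk deciding the flag from the same `key_validity` value. Consider setting `p->exp_time` only where the self-signature is identified, and adding `/* key expiration is relative to the key's creation time (p is the key being signed) */` above the assignment. pgp_parse_pgp3_sig begins and ends outside this hunk.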
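Review bot: The expiry computation is nested under `if (sig_gen_time > 0)`, so a signature whose creation time was not recovered is never marked SIGFLAG_EXPIRED even when `validity` is non-zero; that is consistent with OpenPGP, where the signature expiration subpacket is a number of seconds relative to the creation time, but the reason is not stated and a later reader may "fix" it. A short comment on the outer condition, `/* RFC 4880: signature expiration is relative to the creation time, so it is meaningless without one */`, records the intent. It would also help to state here that `validity`, like `sig_gen_time`, is assumed to be a time_t-compatible type, since both declarations are outside the hunk.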
@@ -774,12 +800,31 @@ static void print_userid (const char *id static void pgpring_dump_signatures (pgp_sig_t *sig) { + struct tm *tp; + time_t t; + for (; sig; sig = sig->next) { + if (exclude_exp_sigs && (sig->flags & SIGFLAG_EXPIRED)) + continue; + if (sig->sigtype == 0x10 || sig->sigtype == 0x11 || sig->sigtype == 0x12 || sig->sigtype == 0x13) - printf ("sig::::%08lX%08lX::::::%X:\n", - sig->sid1, sig->sid2, sig->sigtype); + { + printf ("sig::::%08lX%08lX:", sig->sid1, sig->sid2); + t = sig->gen_time; + tp = gmtime (&t); + printf ("%04d-%02d-%02d:", 1900 + tp->tm_year, tp->tm_mon + 1, + tp->tm_mday); + if (sig->exp_time) + { + t = sig->exp_time; + tp = gmtime (&t); + printf ("%04d-%02d-%02d", 1900 + tp->tm_year, tp->tm_mon + 1, + tp->tm_mday); + } + printf ("::::%X:\n", sig->sigtype); + } else if (sig->sigtype == 0x20) printf ("rev::::%08lX%08lX::::::%X:\n", sig->sid1, sig->sid2, sig->sigtype); @@ -807,6 +852,10 @@ static void pgpring_dump_keyblock (pgp_k for (; p; p = p->next) { + if (exclude_exp_keys && \ + (p->flags & KEYFLAG_EXPIRED || p->flags & KEYFLAG_REVOKED)) + continue; + first = 1; if (p->flags & KEYFLAG_SECRET) @@ -849,8 +898,17 @@ static void pgpring_dump_keyblock (pgp_k t = p->gen_time; tp = gmtime (&t); - printf (":%d:%d:%s:%04d-%02d-%02d::::", p->keylen, p->numalg, p->keyid, + printf (":%d:%d:%s:%04d-%02d-%02d:", p->keylen, p->numalg, p->keyid, 1900 + tp->tm_year, tp->tm_mon + 1, tp->tm_mday); + if (p->exp_time) + { + t = p->exp_time; + tp = gmtime (&t); + printf ("%04d-%02d-%02d", 1900 + tp->tm_year, tp->tm_mon + 1, + tp->tm_mday); + } + + printf (":::"); print_userid (uid->addr); printf (":\n"); diff -pru signing-party-1.1.3.orig/keyanalyze/pgpring/pgpring.1 signing-party-1.1.3/keyanalyze/pgpring/pgpring.1 --- signing-party-1.1.3.orig/keyanalyze/pgpring/pgpring.1 2010-02-11 19:26:31.000000000 +0100 +++ signing-party-1.1.3/keyanalyze/pgpring/pgpring.1 2010-11-08 09:21:23.000000000 +0100 
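Review bot: The new date output dereferences the gmtime() result without a NULL check, for both the `gen_time` and `exp_time` prints in this hunk and for the `exp_time` print in the -849 hunk of pgpring_dump_keyblock; gmtime returns NULL when the value cannot be represented, and exp_time is an unvalidated sum of a creation time and a 32-bit validity period read from the key material. `sig->gen_time` is also printed unconditionally, so a signature with no recovered creation time (gen_time 0) appears as 1970-01-01 instead of the empty field that exp_time gets. Guarding each print with `if (sig->gen_time && (tp = gmtime (&t)) != NULL)` (and the same shape for exp_time) emits an empty field in both cases and keeps the record parseable.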
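Review bot: The -E filter `(p->flags & KEYFLAG_EXPIRED || p->flags & KEYFLAG_REVOKED)` relies on `&` binding tighter than `||` and on a backslash line continuation that has no effect outside a macro; `if (exclude_exp_keys && (p->flags & (KEYFLAG_EXPIRED | KEYFLAG_REVOKED)))` says the same thing without either. More importantly the option also drops revoked keys, while the option letter, the variable name `exclude_exp_keys` and the man-page text "Exclude expired keys" all describe expired keys only; either restrict the test to KEYFLAG_EXPIRED or document the revoked case in pgpring.1 and in a comment at the test. Note too that skipping a key here removes only its own record and signatures on it, not the signatures it issued on other keys, which presumably still reach keyanalyze; if that is intended it deserves a comment.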
@@ -12,7 +12,9 @@ pgpring \- key ring dumper .SH SYNTAX \fBpgpring\fP [ \fB\-k\fP \fIkeyring\fP | \fB\-2\fP | \fB\-5\fP ] -[ \fB\-s\fP ] [ \fB\-S\fP ] +[ \fB\-s\fP ] [ \fB\-S\fP ] [ \fB\-e\fP ] [ \fB\-E\fP ] + + .SH DESCRIPTION @@ -40,6 +42,12 @@ Dump the secret keyring. .TP .B \-S Include signatures. +.TP +.B \-e +Exclude expired signatures +.TP +.B \-E +Exclude expired keys .SH AUTHORS Thomas Roessler <roess...@does\-not\-exist.org>