hockeypuck

  1. Bug #1885374
  2. Comment #0

Comment 0 for bug 1885374

Revision history for this message
Jivan Pal (jivanpal) wrote :

The Ubuntu keyserver website (http://keyserver.ubuntu.com and
https://keyserver.ubuntu.com) shows incorrect expiry times for subkeys of some
keys (though what specific conditions must be met to cause to bug, I am not
sure). However, the key material stored on the keyserver is correct, and thus
if the key is downloaded and imported into a local OpenPGP client (e.g. GnuPG),
all expiry times are reported correctly. Thus, this bug only appears to affect
the website frontend (that is, the expiry times which users will see if looking
at search results on the website). This appears to be because the expiry times
shown on the website for subkeys are computed as:

    *PRIMARY KEY* CREATION TIME + *SUBKEY* VALIDITY DURATION;

rather than:

    *SUBKEY* CREATION TIME + *SUBKEY* VALIDITY DURATION;

where:

    - PRIMARY KEY CREATION TIME refers to the key creation timestamp stored in
        the key's Public Key Packet (packet Tag 6);

    - SUBKEY CREATION TIME refers to the subkey creation timestamp stored in
        the Public Subkey Packet (packet Tag 14) for a given subkey; and

    - SUBKEY VALIDITY DURATION refers to the value given in the Key Expiration
        Time field (signature subpacket Type 9) of a Signature Packet (packet
        Tag 2) that pertains to the given subkey;

subject to the definitions given in RFC 4880.

    * * *

For example, the key with the following fingerprint exhibits this bug:
C62A 7455 5725 AB6D BA14 D1C2 92C8 C442 E2EE C796; which can be found at:
https://keyserver.ubuntu.com/pks/lookup?search=0x92C8C442E2EEC796&op=index

The key expiry times stated in signatures listed for:

    - the primary key (0xE2EEC796, created at 2019-01-10T00:03:22Z); and

    - the subkey which was created at the same time as the primary key
        (0x6C9E5795, also created at 2019-01-10T00:03:22Z);

are correct, but those listed for the other subkeys (0xD0D6987A, 0x0D75406B,
0x98CD505A) are incorrect, in the manner described above. (NOTE: The creation
times of the signatures themselves are listed correctly; it is only the key
expiration times that are affected.)

In particular:

    - the expiry time of 0xD0D6987A given in the signature created at
        2020-06-24T19:51:57Z is listed as 2019-07-06T01:36:20Z, when it should
        be 2020-06-30T23:59:59Z;

    - the expiry times of 0x0D75406B and 0x98CD505A given in each of the
        signatures created at 2020-07-01T00:00:01Z are listed as
        2019-01-10T00:03:24Z, when they should be 2020-07-01T00:00:02Z.