Public bug reported: The Ubuntu keyserver website (http://keyserver.ubuntu.com and https://keyserver.ubuntu.com) shows incorrect expiry times for subkeys of some keys (though what specific conditions must be met to cause this bug, I am not sure). However, the key material stored on the keyserver is correct, and thus if the key is downloaded and imported into a local OpenPGP client (e.g. GnuPG), all expiry times are reported correctly. Thus, this bug only appears to affect the website frontend (that is, the expiry times which users will see if looking at search results on the website). This appears to be because the expiry times shown on the website for subkeys are computed as:
*PRIMARY KEY* CREATION TIME + *SUBKEY* VALIDITY DURATION; rather than: *SUBKEY* CREATION TIME + *SUBKEY* VALIDITY DURATION; where: - PRIMARY KEY CREATION TIME refers to the key creation timestamp stored in the key's Public Key Packet (packet Tag 6); - SUBKEY CREATION TIME refers to the subkey creation timestamp stored in the Public Subkey Packet (packet Tag 14) for a given subkey; and - SUBKEY VALIDITY DURATION refers to the value given in the Key Expiration Time field (signature subpacket Type 9) of a Signature Packet (packet Tag 2) that pertains to the given subkey; subject to the definitions given in RFC 4880. * * * For example, the key with the following fingerprint exhibits this bug: C62A 7455 5725 AB6D BA14 D1C2 92C8 C442 E2EE C796; which can be found at: https://keyserver.ubuntu.com/pks/lookup?search=0x92C8C442E2EEC796&op=index The key expiry times stated in signatures listed for: - the primary key (0xE2EEC796, created at 2019-01-10T00:03:22Z); and - the subkey which was created at the same time as the primary key (0x6C9E5795, also created at 2019-01-10T00:03:22Z); are correct, but those listed for the other subkeys (0xD0D6987A, 0x0D75406B, 0x98CD505A) are incorrect, in the manner described above. (NOTE: The creation times of the signatures themselves are listed correctly; it is only the key expiration times that are affected.) In particular: - the expiry time of 0xD0D6987A given in the signature created at 2020-06-24T19:51:57Z is listed as 2019-07-06T01:36:20Z, when it should be 2020-06-30T23:59:59Z; - the expiry times of 0x0D75406B and 0x98CD505A given in each of the signatures created at 2020-07-01T00:00:01Z are listed as 2019-01-10T00:03:24Z, when they should be 2020-07-01T00:00:02Z. ** Affects: ubuntu Importance: Undecided Status: New ** Description changed: The Ubuntu keyserver website (http://keyserver.ubuntu.com and - https://keyserver.ubuntu.com) shows incorrect expiry times for subkeys of some - keys (though what specific conditions must be met to cause to bug, I am not - sure). However, the key material stored on the keyserver is correct, and thus - if the key is downloaded and imported into a local OpenPGP client (e.g. GnuPG), - all expiry times are reported correctly. Thus, this bug only appears to affect - the website frontend (that is, the expiry times which users will see if looking - at search results on the website). This appears to be because the expiry times - shown on the website for subkeys are computed as: + https://keyserver.ubuntu.com) shows incorrect expiry times for subkeys + of some keys (though what specific conditions must be met to cause to + bug, I am not sure). However, the key material stored on the keyserver + is correct, and thus if the key is downloaded and imported into a local + OpenPGP client (e.g. GnuPG), all expiry times are reported correctly. + Thus, this bug only appears to affect the website frontend (that is, the + expiry times which users will see if looking at search results on the + website). This appears to be because the expiry times shown on the + website for subkeys are computed as: *PRIMARY KEY* CREATION TIME + *SUBKEY* VALIDITY DURATION; rather than: *SUBKEY* CREATION TIME + *SUBKEY* VALIDITY DURATION; where: - - PRIMARY KEY CREATION TIME refers to the key creation timestamp stored in - the key's Public Key Packet (packet Tag 6); + - PRIMARY KEY CREATION TIME refers to the key creation timestamp stored + in the key's Public Key Packet (packet Tag 6); - - SUBKEY CREATION TIME refers to the subkey creation timestamp stored in - the Public Subkey Packet (packet Tag 14) for a given subkey; and + - SUBKEY CREATION TIME refers to the subkey creation timestamp stored + in the Public Subkey Packet (packet Tag 14) for a given subkey; and - SUBKEY VALIDITY DURATION refers to the value given in the Key Expiration - Time field (signature subpacket Type 9) of a Signature Packet (packet - Tag 2) that pertains to the given subkey; + Time field (signature subpacket Type 9) of a Signature Packet + (packet Tag 2) that pertains to the given subkey; subject to the definitions given in RFC 4880. * * * For example, the key with the following fingerprint exhibits this bug: C62A 7455 5725 AB6D BA14 D1C2 92C8 C442 E2EE C796; which can be found at: https://keyserver.ubuntu.com/pks/lookup?search=0x92C8C442E2EEC796&op=index The key expiry times stated in signatures listed for: - the primary key (0xE2EEC796, created at 2019-01-10T00:03:22Z); and - the subkey which was created at the same time as the primary key - (0x6C9E5795, also created at 2019-01-10T00:03:22Z); + (0x6C9E5795, also created at 2019-01-10T00:03:22Z); - are correct, but those listed for the other subkeys (0xD0D6987A, 0x0D75406B, - 0x98CD505A) are incorrect, in the manner described above. (NOTE: The creation - times of the signatures themselves are listed correctly; it is only the key - expiration times that are affected.) + are correct, but those listed for the other subkeys (0xD0D6987A, + 0x0D75406B, 0x98CD505A) are incorrect, in the manner described above. + (NOTE: The creation times of the signatures themselves are listed + correctly; it is only the key expiration times that are affected.) In particular: - the expiry time of 0xD0D6987A given in the signature created at - 2020-06-24T19:51:57Z is listed as 2019-07-06T01:36:20Z, when it should - be 2020-06-30T23:59:59Z; + 2020-06-24T19:51:57Z is listed as 2019-07-06T01:36:20Z, when it + should be 2020-06-30T23:59:59Z; - the expiry times of 0x0D75406B and 0x98CD505A given in each of the - signatures created at 2020-07-01T00:00:01Z are listed as - 2019-01-10T00:03:24Z, when they should be 2020-07-01T00:00:02Z. + signatures created at 2020-07-01T00:00:01Z are listed as + 2019-01-10T00:03:24Z, when they should be 2020-07-01T00:00:02Z. ** Description changed: The Ubuntu keyserver website (http://keyserver.ubuntu.com and https://keyserver.ubuntu.com) shows incorrect expiry times for subkeys of some keys (though what specific conditions must be met to cause to bug, I am not sure). However, the key material stored on the keyserver is correct, and thus if the key is downloaded and imported into a local OpenPGP client (e.g. GnuPG), all expiry times are reported correctly. Thus, this bug only appears to affect the website frontend (that is, the expiry times which users will see if looking at search results on the website). This appears to be because the expiry times shown on the website for subkeys are computed as: *PRIMARY KEY* CREATION TIME + *SUBKEY* VALIDITY DURATION; rather than: *SUBKEY* CREATION TIME + *SUBKEY* VALIDITY DURATION; where: - - PRIMARY KEY CREATION TIME refers to the key creation timestamp stored - in the key's Public Key Packet (packet Tag 6); + - PRIMARY KEY CREATION TIME refers to the key creation timestamp + stored in the key's Public Key Packet (packet Tag 6); - SUBKEY CREATION TIME refers to the subkey creation timestamp stored in the Public Subkey Packet (packet Tag 14) for a given subkey; and - SUBKEY VALIDITY DURATION refers to the value given in the Key Expiration Time field (signature subpacket Type 9) of a Signature Packet (packet Tag 2) that pertains to the given subkey; subject to the definitions given in RFC 4880. * * * For example, the key with the following fingerprint exhibits this bug: C62A 7455 5725 AB6D BA14 D1C2 92C8 C442 E2EE C796; which can be found at: https://keyserver.ubuntu.com/pks/lookup?search=0x92C8C442E2EEC796&op=index The key expiry times stated in signatures listed for: - the primary key (0xE2EEC796, created at 2019-01-10T00:03:22Z); and - the subkey which was created at the same time as the primary key (0x6C9E5795, also created at 2019-01-10T00:03:22Z); are correct, but those listed for the other subkeys (0xD0D6987A, 0x0D75406B, 0x98CD505A) are incorrect, in the manner described above. (NOTE: The creation times of the signatures themselves are listed correctly; it is only the key expiration times that are affected.) In particular: - the expiry time of 0xD0D6987A given in the signature created at 2020-06-24T19:51:57Z is listed as 2019-07-06T01:36:20Z, when it should be 2020-06-30T23:59:59Z; - the expiry times of 0x0D75406B and 0x98CD505A given in each of the signatures created at 2020-07-01T00:00:01Z are listed as 2019-01-10T00:03:24Z, when they should be 2020-07-01T00:00:02Z. ** Description changed: The Ubuntu keyserver website (http://keyserver.ubuntu.com and https://keyserver.ubuntu.com) shows incorrect expiry times for subkeys of some keys (though what specific conditions must be met to cause to bug, I am not sure). However, the key material stored on the keyserver is correct, and thus if the key is downloaded and imported into a local OpenPGP client (e.g. GnuPG), all expiry times are reported correctly. Thus, this bug only appears to affect the website frontend (that is, the expiry times which users will see if looking at search results on the website). This appears to be because the expiry times shown on the website for subkeys are computed as: *PRIMARY KEY* CREATION TIME + *SUBKEY* VALIDITY DURATION; rather than: *SUBKEY* CREATION TIME + *SUBKEY* VALIDITY DURATION; where: - PRIMARY KEY CREATION TIME refers to the key creation timestamp stored in the key's Public Key Packet (packet Tag 6); - SUBKEY CREATION TIME refers to the subkey creation timestamp stored in the Public Subkey Packet (packet Tag 14) for a given subkey; and - - SUBKEY VALIDITY DURATION refers to the value given in the Key Expiration - Time field (signature subpacket Type 9) of a Signature Packet - (packet Tag 2) that pertains to the given subkey; + - SUBKEY VALIDITY DURATION refers to the value given in the + Key Expiration Time field (signature subpacket Type 9) of a + Signature Packet (packet Tag 2) that pertains to the given subkey; subject to the definitions given in RFC 4880. * * * For example, the key with the following fingerprint exhibits this bug: C62A 7455 5725 AB6D BA14 D1C2 92C8 C442 E2EE C796; which can be found at: https://keyserver.ubuntu.com/pks/lookup?search=0x92C8C442E2EEC796&op=index The key expiry times stated in signatures listed for: - the primary key (0xE2EEC796, created at 2019-01-10T00:03:22Z); and - the subkey which was created at the same time as the primary key (0x6C9E5795, also created at 2019-01-10T00:03:22Z); are correct, but those listed for the other subkeys (0xD0D6987A, 0x0D75406B, 0x98CD505A) are incorrect, in the manner described above. (NOTE: The creation times of the signatures themselves are listed correctly; it is only the key expiration times that are affected.) In particular: - the expiry time of 0xD0D6987A given in the signature created at 2020-06-24T19:51:57Z is listed as 2019-07-06T01:36:20Z, when it should be 2020-06-30T23:59:59Z; - the expiry times of 0x0D75406B and 0x98CD505A given in each of the signatures created at 2020-07-01T00:00:01Z are listed as 2019-01-10T00:03:24Z, when they should be 2020-07-01T00:00:02Z. ** Description changed: The Ubuntu keyserver website (http://keyserver.ubuntu.com and https://keyserver.ubuntu.com) shows incorrect expiry times for subkeys - of some keys (though what specific conditions must be met to cause to + of some keys (though what specific conditions must be met to cause this bug, I am not sure). However, the key material stored on the keyserver is correct, and thus if the key is downloaded and imported into a local OpenPGP client (e.g. GnuPG), all expiry times are reported correctly. Thus, this bug only appears to affect the website frontend (that is, the expiry times which users will see if looking at search results on the website). This appears to be because the expiry times shown on the website for subkeys are computed as: - *PRIMARY KEY* CREATION TIME + *SUBKEY* VALIDITY DURATION; + *PRIMARY KEY* CREATION TIME + *SUBKEY* VALIDITY DURATION; rather than: - *SUBKEY* CREATION TIME + *SUBKEY* VALIDITY DURATION; + *SUBKEY* CREATION TIME + *SUBKEY* VALIDITY DURATION; where: - - PRIMARY KEY CREATION TIME refers to the key creation timestamp - stored in the key's Public Key Packet (packet Tag 6); + - PRIMARY KEY CREATION TIME refers to the key creation timestamp + stored in the key's Public Key Packet (packet Tag 6); - - SUBKEY CREATION TIME refers to the subkey creation timestamp stored - in the Public Subkey Packet (packet Tag 14) for a given subkey; and + - SUBKEY CREATION TIME refers to the subkey creation timestamp stored + in the Public Subkey Packet (packet Tag 14) for a given subkey; and - - SUBKEY VALIDITY DURATION refers to the value given in the - Key Expiration Time field (signature subpacket Type 9) of a - Signature Packet (packet Tag 2) that pertains to the given subkey; + - SUBKEY VALIDITY DURATION refers to the value given in the + Key Expiration Time field (signature subpacket Type 9) of a + Signature Packet (packet Tag 2) that pertains to the given subkey; subject to the definitions given in RFC 4880. - * * * + * * * For example, the key with the following fingerprint exhibits this bug: C62A 7455 5725 AB6D BA14 D1C2 92C8 C442 E2EE C796; which can be found at: https://keyserver.ubuntu.com/pks/lookup?search=0x92C8C442E2EEC796&op=index The key expiry times stated in signatures listed for: - - the primary key (0xE2EEC796, created at 2019-01-10T00:03:22Z); and + - the primary key (0xE2EEC796, created at 2019-01-10T00:03:22Z); and - - the subkey which was created at the same time as the primary key - (0x6C9E5795, also created at 2019-01-10T00:03:22Z); + - the subkey which was created at the same time as the primary key + (0x6C9E5795, also created at 2019-01-10T00:03:22Z); are correct, but those listed for the other subkeys (0xD0D6987A, 0x0D75406B, 0x98CD505A) are incorrect, in the manner described above. (NOTE: The creation times of the signatures themselves are listed correctly; it is only the key expiration times that are affected.) In particular: - - the expiry time of 0xD0D6987A given in the signature created at - 2020-06-24T19:51:57Z is listed as 2019-07-06T01:36:20Z, when it - should be 2020-06-30T23:59:59Z; + - the expiry time of 0xD0D6987A given in the signature created at + 2020-06-24T19:51:57Z is listed as 2019-07-06T01:36:20Z, when it + should be 2020-06-30T23:59:59Z; - - the expiry times of 0x0D75406B and 0x98CD505A given in each of the - signatures created at 2020-07-01T00:00:01Z are listed as - 2019-01-10T00:03:24Z, when they should be 2020-07-01T00:00:02Z. + - the expiry times of 0x0D75406B and 0x98CD505A given in each of the + signatures created at 2020-07-01T00:00:01Z are listed as + 2019-01-10T00:03:24Z, when they should be 2020-07-01T00:00:02Z. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1885374 Title: Ubuntu PGP keyserver computes incorrect expiry times To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1885374/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
