Hi Jorge, The CipherMail code that checks the key expiration skipped the User ID packet if key expiration packet missing. It should however treat the missing key expiration as "never expire". I have fixed this.
The other issue you reported, about the search result is not an CipherMail issue but more a key server issue. The CipherMail gateway repors the "raw" results from the key server. It looks like your key server (https://pgpkeys.icij.org/) returns empty values for the expiration date. Kind regards, Martijn Brinkers -- CipherMail email encryption Email encryption with support for S/MIME, OpenPGP, PDF Messenger and Webmail Messenger On Fri, 2021-04-16 at 17:48 +0200, Jorge Gonzalez wrote: > Hi Martijn, > thanks, this did the trick for the moment. > Now I have spotted some more glitches about this: > At first, I changed the expiration date of my public key to 10 years > in the future, and saved. I did _not_ change the expiration date of > the SSB (signing key), which was still non-expiring. > I exported the pub key (which includes both pubkeys? confirm...), > reuploaded it to our PGP keyserver, and reimported it into > Ciphermail. > Now Ciphermail showed the expiration date correctly, 10 years in the > future. > When I searched for the new key while importing, though, the found > key was being shown as non-expiring. > With this key imported in CIphermail, I tried to send a test email, > and it did NOT work. The email bounced (I have the Ciphermail set up > to reject all emails which it cannot encrypt) > After that: > I changed the expiration date of both the public key _and_ the > signing key, to the same 10 years in the future, and saved. > I exported the new pubkey, reuploaded it to our PGP keyserver, and > reimported into Ciphermail > Now again Ciphermail shows the expiration date correctly (+10y) > AGAIN, When I searched for the new key while importing, the found key > was being shown as non-expiring. THis is definitely a bug, since all > keys now have an expiration date set. > With this key imported in CIphermail, I tried to send a test email, > and it DID work. > So I'm fine for now, because I got it working. But it seems the old > keys are being cached somewhere n Ciphermail, even after I delete > them, and the cached ones are being used to show info about them, but > not for signing... > Also, maybe that the expiration date shown is from the signing key > and not the general pubkey... > I hope this additional info is useful for you :-) Feel free to > contact me for some more tests if you need. > Thanks again for a great piece of software. > Cheers > Jorge > Jorge Gonzalez Villalonga > Systems Engineer > The International Consortium of Investigative Journalists > 1710 Rhode Island Ave NW, 11th floor | Washington DC 20036 | United > States > Phone: +34 672 173 200 (Madrid, Spain) > El 16/4/21 a las 10:38, Martijn Brinkers escribió: > > Hi Jorge, > > > > This looks like a bug. It is debatable what it means if there is a > > signature which says that a key is expired and there is another > > signature which says that the key never expires. That said, the new > > signature that says that the key never expires is newer so it > > should > > prevail. I will look into it. As a workaround you might try to > > create a > > new key signature with an expiration date far in the future. > > > > I'll look into the issue > > > > Kind regards, > > > > Martijn Brinkers > >
