[Delta] [Bug] Qca reject message encryption by some expired subkeys even with actual subkeys.

Justin Karneges justin at affinix.com
Thu Feb 23 10:36:41 PST 2012


Thanks for the report.  The solution is probably to ignore any expiration 
indications if the return code is zero, but I'll need to confirm this is safe.

On Thursday, February 23, 2012 01:24:44 AM O01eg wrote:
> When I try to send an encrypted message with psi+ I get an error, but when I
> use gpg it encrypts the message.
> 
> Text from error message:
> GPGProc: Pipe setup complete
> GPGProc: Running: [gpg --no-tty --enable-special-filenames --status-fd 50 --command-fd 47 --armor --always-trust --encrypt --recipient 0xC1FD909980E93558]
> GPGProc: Process started
> {KEYEXPIRED 1301268553}
> {SIGEXPIRED}
> {KEYEXPIRED 1301268692}
> {SIGEXPIRED}
> {KEYEXPIRED 1301268765}
> {SIGEXPIRED}
> {KEYEXPIRED 1327569550}
> {SIGEXPIRED}
> {KEYEXPIRED 1301268553}
> {SIGEXPIRED}
> {KEYEXPIRED 1301268692}
> {SIGEXPIRED}
> {KEYEXPIRED 1301268765}
> {SIGEXPIRED}
> {KEYEXPIRED 1327569550}
> {SIGEXPIRED}
> {BEGIN_ENCRYPTION 2 9}
> {END_ENCRYPTION}
> GPGProc: Status: Closed (gone)
> GPGProc: Process finished: 0
> GPGProc: Done
> GPG Process Finished: exitStatus=0
> stderr: []
> GpgAction error: ErrorEncryptExpired
> 
> If I use gpg:
> $ gpg --status-fd=2 --with-colons --armor --encrypt --recipient 0xC1FD909980E93558 -v
> gpg: NOTE: signature key 6D76B712 expired Mon 28 Mar 2011 03:29:13 AM MSK
> [GNUPG:] KEYEXPIRED 1301268553
> [GNUPG:] SIGEXPIRED
> gpg: NOTE: signature key CFA0E141 expired Mon 28 Mar 2011 03:31:32 AM MSK
> [GNUPG:] KEYEXPIRED 1301268692
> [GNUPG:] SIGEXPIRED
> gpg: NOTE: signature key E4C6B7F3 expired Mon 28 Mar 2011 03:32:45 AM MSK
> [GNUPG:] KEYEXPIRED 1301268765
> [GNUPG:] SIGEXPIRED
> gpg: NOTE: signature key 7B41CEF1 expired Thu 26 Jan 2012 01:19:10 PM MSK
> [GNUPG:] KEYEXPIRED 1327569550
> [GNUPG:] SIGEXPIRED
> gpg: using subkey AB768765 instead of primary key 80E93558
> gpg: using PGP trust model
> gpg: NOTE: signature key 6D76B712 expired Mon 28 Mar 2011 03:29:13 AM MSK
> [GNUPG:] KEYEXPIRED 1301268553
> [GNUPG:] SIGEXPIRED
> gpg: NOTE: signature key CFA0E141 expired Mon 28 Mar 2011 03:31:32 AM MSK
> [GNUPG:] KEYEXPIRED 1301268692
> [GNUPG:] SIGEXPIRED
> gpg: NOTE: signature key E4C6B7F3 expired Mon 28 Mar 2011 03:32:45 AM MSK
> [GNUPG:] KEYEXPIRED 1301268765
> [GNUPG:] SIGEXPIRED
> gpg: NOTE: signature key 7B41CEF1 expired Thu 26 Jan 2012 01:19:10 PM MSK
> [GNUPG:] KEYEXPIRED 1327569550
> [GNUPG:] SIGEXPIRED
> gpg: AB768765: There is limited assurance this key belongs to the named user
> gpg: reading from `[stdin]'
> gpg: writing to stdout
> gpg: RSA/AES256 encrypted for: "AB768765 Sergey Alirzaev"
> [GNUPG:] BEGIN_ENCRYPTION 2 9
> dfg
> dfg
> -----BEGIN PGP MESSAGE-----
> Version: GnuPG v2.0.17 (GNU/Linux)
> 
> -----END PGP MESSAGE-----
> [GNUPG:] END_ENCRYPTION
> 
> gpg uses the actual subkey AB768765 and encrypts the message.
> 
> If I use an expired key, gpg shows a real error:
> 
> $ gpg --status-fd=2 --with-colons --armor --encrypt --recipient 0xC04245D07563730A -v ; echo $?
> gpg: NOTE: signature key 7563730A expired Tue 10 Jan 2012 12:00:00 PM MSK
> [GNUPG:] KEYEXPIRED 1326182400
> [GNUPG:] SIGEXPIRED
> gpg: NOTE: signature key 7563730A expired Tue 10 Jan 2012 12:00:00 PM MSK
> [GNUPG:] KEYEXPIRED 1326182400
> [GNUPG:] SIGEXPIRED
> gpg: NOTE: signature key 7563730A expired Tue 10 Jan 2012 12:00:00 PM MSK
> [GNUPG:] KEYEXPIRED 1326182400
> [GNUPG:] SIGEXPIRED
> gpg: 0xC04245D07563730A: skipped: Unusable public key
> [GNUPG:] INV_RECP 0 0xC04245D07563730A
> gpg: [stdin]: encryption failed: Unusable public key
> 2
> 
> All subkeys expired:
> $ gpg --with-colons --list-keys 0xC04245D07563730A -v
> tru::1:1329980317:1340784000:3:1:5
> pub:e:4096:1:C04245D07563730A:1284664574:1326182400::u:::sc:
> uid:e::::1325015171::01E28D4BF2AFF5165330C777786BFC9AFB2C3DB7::O01eg (Рабочий) <o01eg at yandex.ru>:
> uid:e::::1325015171::A5163BF090DF38C14CED6FE8CE91A4F219557636::O01eg (XMPP) <o01eg at jabber.ru>:
> uat:e::::1325015171::B2B573F02737A1936A6459EEED65C476DC2DBDB1::1 4403:
> sub:e:3072:17:D79B2289D6082A41:1325013314:1340783993:::::s:
> sub:e:4096:16:7482878A3CAA0E9F:1325013524:1340784000:::::e:
> sub:e:4096:1:35297ED1CC329F37:1284664574:1326182400:::::e:
> 
> Qca version: 2.0.3
> Qca-gnupg version: 2.0.0-beta3
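The decision proposed in the reply above, sketched as an added example (this is not QCA or qca-gnupg code). `Result`, `Summary` and the function names are hypothetical, and requiring END_ENCRYPTION to be present and INV_RECP to be absent is an assumption added here on top of the exit-code check.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical result codes; only ErrorEncryptExpired is named in the report.
enum class Result { Ok, ErrorEncryptExpired, ErrorGeneric };
struct Summary { bool expired = false, invalidRecipient = false, finished = false; };

// Collect the keywords of interest from "[GNUPG:] KEYWORD args" status lines.
Summary summarize(const std::vector<std::string>& lines) {
    Summary s;
    const std::string prefix = "[GNUPG:] ";
    for (const auto& line : lines) {
        if (line.compare(0, prefix.size(), prefix) != 0) continue;  // not a status line
        std::istringstream in(line.substr(prefix.size()));
        std::string kw; in >> kw;
        if (kw == "KEYEXPIRED" || kw == "SIGEXPIRED") s.expired = true;
        else if (kw == "INV_RECP") s.invalidRecipient = true;
        else if (kw == "END_ENCRYPTION") s.finished = true;
    }
    return s;
}

// Behaviour seen in the report: any expiry notice fails the operation.
Result classifyStrict(const Summary& s, int exitCode) {
    if (s.expired) return Result::ErrorEncryptExpired;
    return exitCode == 0 ? Result::Ok : Result::ErrorGeneric;
}

// Proposed behaviour: on exit code 0 expiry notices are informational; the extra
// END_ENCRYPTION / INV_RECP conditions are an assumption added for this example.
Result classifyByExitCode(const Summary& s, int exitCode) {
    if (exitCode == 0 && s.finished && !s.invalidRecipient) return Result::Ok;
    return s.expired ? Result::ErrorEncryptExpired : Result::ErrorGeneric;
}

// Status lines copied from the two gpg runs in the report (repeats trimmed).
const std::vector<std::string> kUsableSubkey = {
    "[GNUPG:] KEYEXPIRED 1301268553", "[GNUPG:] SIGEXPIRED",
    "[GNUPG:] BEGIN_ENCRYPTION 2 9", "[GNUPG:] END_ENCRYPTION"};
const std::vector<std::string> kAllExpired = {
    "[GNUPG:] KEYEXPIRED 1326182400", "[GNUPG:] SIGEXPIRED",
    "[GNUPG:] INV_RECP 0 0xC04245D07563730A"};

int main() {
    std::cout << (classifyByExitCode(summarize(kUsableSubkey), 0) == Result::Ok) << '\n'
              << (classifyByExitCode(summarize(kAllExpired), 2) == Result::Ok) << '\n';
}
```

The exit codes passed in `main` (0 and 2) are the ones shown for the two runs in the report.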