key expiredate confused?

Brian Warner warner at lothar.com
Tue Nov 17 14:32:16 CET 1998


Hi all.. I've been testing gpg<->pgp50 compatibility, and I found that a key
that had been edited with 0.4.3's 'gpg --edit-key' to have an expiration date
of around May 2000 gets reported in pgp50 as expiring in 2028. Looking further
into the key data, it appears that the key expiration time is being set to an
absolute value instead of the relative-to-key-creation-time value that the
OpenPGP draft specifies.

I saw a note in g10/ChangeLog that suggests this problem had been fixed (at
least for key-generation), but I can't see how it would work in the code.  In
keygen.c, ask_expiredate() returns an absolute date (time()+valid_days*86400),
and expiredate gets put pretty much unmodified into the key expiration
subpacket. The same goes for keyedit.c. It seems to me that the key creation
time should be subtracted from it just before the value is put into the
subpacket.

The only other compatibility issue I've seen is that a message encrypted by
pgp50 to this key evokes a warning "algorithm 3 not in preferences" when
decrypting with gpg. I've looked closely at the key and 3 is in the preference
list, but gpg --edit-key doesn't mention it (my symmetric prefs are S4 S3, but
--edit-key only reports S4.. likewise H3H2H6H1 are reported as H3 only, and
Z2Z1 turns into Z2: only the first of each preference is noticed). So it seems
to be a problem with the preference-reading code rather than the
preference-displaying code of --edit-key.

hope this is useful,
 -Brian




More information about the Gnupg-devel mailing list