Hi Jorge,
The CipherMail code that checks the key expiration skipped the User ID
packet if the key expiration packet was missing. It should, however,
treat the missing key expiration as "never expire". I have fixed this.
The other issue you reported, about the search result, is not a
CipherMail issue but more a key server issue. The CipherMail gateway
reports the "raw" results from the key server. It looks like your key
server (https://pgpkeys.icij.org/) returns empty values for the
expiration date.
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Email encryption with support for S/MIME,
OpenPGP, PDF Messenger and Webmail Messenger
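
The expiration rule discussed in this thread, as an added example (not CipherMail code and not part of the original messages): the newest self-signature decides, and an absent or zero Key Expiration Time subpacket means "never expires" (RFC 4880, section 5.2.3.6). The SelfSig model, the function names and the sample dates are constructed for illustration; expiry_skipping_missing only models the behaviour described as the bug.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Sequence


@dataclass(frozen=True)
class SelfSig:
    # Hypothetical minimal model of an OpenPGP self-signature.
    created: datetime
    key_expiration_secs: Optional[int]  # None: expiration subpacket absent


def _expiry_from(key_created: datetime, sig: SelfSig) -> Optional[datetime]:
    # The subpacket is an offset in seconds from key creation; absent or 0 = never.
    if not sig.key_expiration_secs:
        return None
    return key_created + timedelta(seconds=sig.key_expiration_secs)


def expiry_newest_wins(key_created: datetime, sigs: Sequence[SelfSig]) -> Optional[datetime]:
    """Newest self-signature decides; None means 'never expires'."""
    if not sigs:
        raise ValueError("no self-signature binds this key")
    return _expiry_from(key_created, max(sigs, key=lambda s: s.created))


def expiry_skipping_missing(key_created: datetime, sigs: Sequence[SelfSig]) -> Optional[datetime]:
    """Model of the reported bug: signatures without the subpacket are skipped."""
    candidates = [s for s in sigs if s.key_expiration_secs is not None]
    if not candidates:
        return None
    return _expiry_from(key_created, max(candidates, key=lambda s: s.created))


def is_expired(expiry: Optional[datetime], now: datetime) -> bool:
    return expiry is not None and now >= expiry


# Constructed sample data: an old 1-year signature, a newer "never expires"
# signature, and the workaround signature with a far-future expiration.
UTC, DAY = timezone.utc, 86400
KEY_CREATED = datetime(2019, 1, 1, tzinfo=UTC)
NOW = datetime(2021, 4, 16, tzinfo=UTC)
OLD_SIG = SelfSig(datetime(2019, 1, 1, tzinfo=UTC), 365 * DAY)
NEVER_SIG = SelfSig(datetime(2021, 4, 15, tzinfo=UTC), None)
FAR_SIG = SelfSig(datetime(2021, 4, 16, tzinfo=UTC), 4380 * DAY)

if __name__ == "__main__":
    for label, sigs in (("never", [OLD_SIG, NEVER_SIG]), ("workaround", [OLD_SIG, NEVER_SIG, FAR_SIG])):
        print(label, expiry_skipping_missing(KEY_CREATED, sigs), expiry_newest_wins(KEY_CREATED, sigs))
```
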
On Fri, 2021-04-16 at 17:48 +0200, Jorge Gonzalez wrote:
Hi Martijn,
thanks, this did the trick for the moment.
Now I have spotted some more glitches about this:
At first, I changed the expiration date of my public key to 10 years
in the future, and saved. I did _not_ change the expiration date of
the SSB (signing key), which was still non-expiring.
I exported the pub key (which includes both pubkeys? confirm...),
reuploaded it to our PGP keyserver, and reimported it into
Ciphermail.
Now Ciphermail showed the expiration date correctly, 10 years in the
future.
When I searched for the new key while importing, though, the found
key was being shown as non-expiring.
With this key imported in Ciphermail, I tried to send a test email,
and it did NOT work. The email bounced (I have the Ciphermail set up
to reject all emails which it cannot encrypt).
After that:
I changed the expiration date of both the public key _and_ the
signing key, to the same 10 years in the future, and saved.
I exported the new pubkey, reuploaded it to our PGP keyserver, and
reimported into Ciphermail
Now again Ciphermail shows the expiration date correctly (+10y)
AGAIN, when I searched for the new key while importing, the found key
was being shown as non-expiring. This is definitely a bug, since all
keys now have an expiration date set.
With this key imported in Ciphermail, I tried to send a test email,
and it DID work.
So I'm fine for now, because I got it working. But it seems the old
keys are being cached somewhere in Ciphermail, even after I delete
them, and the cached ones are being used to show info about them, but
not for signing...
Also, maybe that the expiration date shown is from the signing key
and not the general pubkey...
I hope this additional info is useful for you :-) Feel free to
contact me for some more tests if you need.
Thanks again for a great piece of software.
Cheers
Jorge
Jorge Gonzalez Villalonga
Systems Engineer
The International Consortium of Investigative Journalists
1710 Rhode Island Ave NW, 11th floor | Washington DC 20036 | United
States
Phone: +34 672 173 200 (Madrid, Spain)
On 16/4/21 at 10:38, Martijn Brinkers wrote:
> Hi Jorge,
>
> This looks like a bug. It is debatable what it means if there is a
> signature which says that a key is expired and there is another
> signature which says that the key never expires. That said, the new
> signature that says that the key never expires is newer so it should
> prevail. I will look into it. As a workaround you might try to create
> a new key signature with an expiration date far in the future.
>
> I'll look into the issue
>
> Kind regards,
>
> Martijn Brinkers
>