Updates to PGP key expiration date seem to be applied incorrectly
(MailNews Core :: Security: OpenPGP, defect)
(Reporter: twistx, Unassigned)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0
Steps to reproduce:
- Change Expiration Date from the UI - Set to "Key will never expire"
- Change Expiration Date from the UI - Set to "Key will expire in 24 Months"
Actual results:
The (first only?) sub-key expiration date is modified, but the primary key expiration is left intact (the original expiration date is preserved). In the likely scenario that someone updates their expired key for the first time, setting it to "never" in Thunderbird, their updated key will still be considered expired in GPG and in mail clients that use its facilities. Thunderbird seems to ignore the primary key expiration and considers all key parts valid even if the primary key is expired.
Attempting to set a new expiration date after the step above only applies the new date to the primary key, and the sub-key expiration is left intact (still set to never).
From there the key management UI in Thunderbird also incorrectly displays the Expiry field in the Structure tab. Both the primary and sub-key show "never" when there is still an expiration set on the primary.
You can confirm this for yourself by making the change above, exporting the public key to a file, then viewing the key data with gpg like so:
cat public-key.asc | gpg --with-colons --import-options show-only --import
Expected results:
The sub-key expiration should not have overruled the primary key expiration in Thunderbird, causing the key to appear valid.
The modification to the expiration should have been applied to the primary key and probably all sub-keys, since you can't modify individual sub-key expiration dates from the UI. In the future that ability would be nice to have, along with the option to choose which sub-keys to update when updating the primary key expiration.
To contrast, by default GPG updates the primary key expiration and the sub-key is left intact unless it is directed to update a sub-key by fingerprint or to apply the change to all sub-keys.
The key management UI should have correctly displayed the expiry for individual key parts.
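As an added example (not part of the bug report or of Thunderbird's code), the following script parses the `gpg --with-colons` output produced by the command above and reports the situation the report describes: a primary key that is already expired while a sub-key carries a later or "never" expiry. The sample colon-format lines are constructed for the example; the key IDs and fingerprints are placeholders. In the colon format, field 6 of a `pub`/`sub` record is the creation time and field 7 the expiration time (seconds since the epoch, empty meaning "never"), and a sub-key is only usable while its primary key is valid, so a sub-key expiry looser than the primary's does not keep the key alive.

```python
"""Audit primary-key vs sub-key expiry in `gpg --with-colons` output."""
from datetime import datetime, timezone

# Constructed sample (not taken from the bug report) in the shape printed by:
#   cat public-key.asc | gpg --with-colons --import-options show-only --import
# Field index 5 = creation time, index 6 = expiration time (epoch seconds);
# an empty expiration field means the key part never expires.
SAMPLE_COLONS = """\
pub:-:255:22:0123456789ABCDEF:1600000000:1631536000::-:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000000000000000000:
uid:-::::1600000000::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA::Example User <user@example.invalid>::::::::::0:
sub:-:255:18:FEDCBA9876543210:1600000000::::::e::::::23:
fpr:::::::::1111111111111111111111111111111111111111:
"""


def parse_key_expiry(colons_output):
    """Return [(record_type, key_id, expiry_epoch_or_None), ...] for pub/sub records."""
    records = []
    for line in colons_output.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub"):
            continue  # fpr, uid and other record types carry no key expiry
        key_id = fields[4]
        expiry = int(fields[6]) if fields[6] else None  # empty => never expires
        records.append((fields[0], key_id, expiry))
    return records


def _fmt(epoch):
    """Render an epoch expiry as a UTC date, or 'never' for an empty field."""
    if epoch is None:
        return "never"
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y-%m-%d")


def audit_expiry(colons_output, now_epoch):
    """Compare primary and sub-key expiry the way GnuPG evaluates them.

    A sub-key is only valid while its primary key is valid, so any sub-key
    whose expiry is later than (or looser than) the primary's does not extend
    the usable life of the key; the key as a whole still expires with the
    primary. Such sub-keys are listed under 'subkeys_outliving_primary'.
    """
    records = parse_key_expiry(colons_output)
    primaries = [r for r in records if r[0] == "pub"]
    if len(primaries) != 1:
        raise ValueError("expected exactly one pub record, got %d" % len(primaries))
    _, primary_id, primary_exp = primaries[0]

    primary_expired = primary_exp is not None and primary_exp <= now_epoch
    outliving = []
    for _, sub_id, sub_exp in (r for r in records if r[0] == "sub"):
        if primary_exp is not None and (sub_exp is None or sub_exp > primary_exp):
            outliving.append(sub_id)

    return {
        "primary_key": primary_id,
        "primary_expiry": _fmt(primary_exp),
        "primary_expired": primary_expired,
        "subkeys_outliving_primary": outliving,
    }


if __name__ == "__main__":
    import sys
    import time

    # Read real `--with-colons` output from stdin when piped in; otherwise use the sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_COLONS
    for key, value in audit_expiry(data, int(time.time())).items():
        print(f"{key}: {value}")
```

Run it as `cat public-key.asc | gpg --with-colons --import-options show-only --import | python3 audit_expiry.py`; a non-empty `subkeys_outliving_primary` together with `primary_expired: True` is exactly the state the report describes, where the UI shows "never" but GPG still treats the key as expired.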
Updated•4 years ago
Comment 1•3 years ago
Bug 1759293 fixed some of this. We indeed only change the primary+first sub key. This is how it always was.
Possibly that should change all subkeys - https://searchfox.org/comm-central/rev/48c2cd9cce1c0438975d7f92190cb9e2cdd9ef70/mail/extensions/openpgp/content/ui/changeExpiryDlg.js#44
Comment 2•3 years ago
JFYI: We plan to extend RNP API to make key expiration time changes more flexible. Will update this issue once it is available.