Closed Bug 1941370 Opened 1 year ago Closed 28 days ago

Add a mechanism to warn if OpenPGP secret and public keys have different validity

Categories

(MailNews Core :: Security: OpenPGP, enhancement)

enhancement

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1929026

People

(Reporter: KaiE, Unassigned)

Details

I would like to have a mechanism to ensure that the validity information that we have in the secret keys matches what we have in the corresponding public key.

I just lost a few hours analyzing a strange behavior, but it was caused by my own mistake.

I had manipulated the expiration date of a key outside of Thunderbird, and had imported only the updated public key into Thunderbird.

When trying to sign with that key, RNP decided that it cannot be done, because the secret signing key was expired. But our key manager UI said the key is valid.

I guess Thunderbird should probably be able to do it by itself. It could load only the secret key data into an RNP FFI area, get the expiration information, then compare with what we get in the public keyring.

If a mismatch is detected, I'd like to show some warning in key manager, or the key details dialog.

Summary: Add a mechanism to ensure that OpenPGP secret and public keys have identical validity → Add a mechanism to warn if OpenPGP secret and public keys have different validity
Status: NEW → RESOLVED
Closed: 28 days ago
Duplicate of bug: 1929026
Resolution: --- → DUPLICATE

I think we shouldn't warn, we should rather try to fix automatically.
