= Software Current Tests - Bug 911 (GPG key expired bug) =
||<#00FF00> '''2011-07-20 00:00 - Bug 911 last updated''' ||
== Background Information, Instructions ==
== Testserver Links ==
|| [[Software/CurrentTest|Main Entry Info Page for Software Testers]] || [[Software/CurrentTest]] ||
|| [[http://cacert1.it-sls.de|Testserver Main Entry Page]] || [[http://cacert1.it-sls.de]] ||
|| [[https://ca-mgr1.it-sls.de/login|Testserver Mgmt System Entry Page]] || [[https://ca-mgr1.it-sls.de/login]] ||
|| [[Software/Assessment/TestserverManagementSystem|Testserver Mgmt System Docu]] || [[Software/Assessment/TestserverManagementSystem]] ||
|| [[Software/Assessment/FAQ|Testers and Developers FAQ]] || [[Software/Assessment/FAQ]] ||
|| [[https://bugs.cacert.org|Bugtracker (for reporting)]] || [[https://bugs.cacert.org]] ||
== Testserver 1: http://cacert1.it-sls.de ==
|| 14.1 || Patch || (!) [[https://bugs.cacert.org/view.php?id=911|Bugs # 911]] {*} {*} ||
|| 14.2 || Developer || NEO ||
||<^> 14.3 ||<^> Purpose of patch || 0000911: Wrong expiration time in newly added GPG Key if Key has no Expire date ||
||<^> 14.4 ||<^> Patch Area || GPG/PGP keys ||
|| 14.5 || Patch Testing Requirements || assured member, at least 50 pts ||
||<^> 14.6 ||<^> Remarks || test gpg keys w/ & w/o expiry date set<<BR>>[[Software/CurrentTest/bug911|Bug 911 - Instructions/Infos]] ||
== Instructions and Sample Test Matrix for Software Testers ==
=== Introduction ===
In the error case, users saw really fresh, newly created GPG keys shown as expired in the view GPG keys list, with the date "1971-01-02" in the expires field, whether or not an expiry date was set at build time.
==== CAcert's points system for Assurees and Assurers is as follows: ====
|| 0-49 pts || Assurance points, Certs expire after 1/2 year ||
|| 50-99 pts || Assurance points, Certs expire after 2 years; additionally, GPG/PGP keys can be added ||
|| 100 pts || Fully Assured (same as 50-99) ||
|| 100 pts || CATS will be added and activated if CATS passed<<BR>>Possibility to request Codesigning (adding Codesigning flag onto the account possible)<<BR>>Possibility to assure others ||
|| (100+) 0-50 pts || Experience points; for each assurance you'll receive 2 experience points ||
==== The GPG key and the Expiry date shown in GPG view keys list ====
A note towards the expire date as shown by CAcert: There is a bug which has hopefully been fixed on the test system but from what I gather from the comments above there is also a misunderstanding:
The expiry date shown is not that of the key itself but of the Signature of CAcert.<<BR>>
That means your key will still be valid in general but the signature that CAcert did on your key will expire so you just have to re-sign it to get a valid signature again.
Unfortunately most GUI tools don't show the expiration of a signature.<<BR>>
On the command line you can check out the validity of the signatures on a key by running<<BR>>
"gpg --check-sigs ". The "X" indicates an eXpired signature.
=== Preliminaries ===
For this test you'll need:
* one account with at least 50 assurance points.
* GnuPG installed on your local machine (to create gpg keys)
=== Instructions to create pgp test keys ===
{{{
gpg --gen-key
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? -> 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) -> 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) -> Enter
Key does not expire at all
Is this correct? (y/N) -> y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) "
Real name: -> My Givenname Surname
Email address: -> my@email.tld
Comment:
You selected this USER-ID:
"My Givenname Surname "
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? -> o
You need a Passphrase to protect your secret key.
Enter passphrase: -> enter a passphrase
Repeat passphrase: -> enter your passphrase
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++++++++++++...++++++++++.+++++++++++++++++++++++++.+++++++++++++++++++++++++
+++++..+++++.++++++++++..++++++++++.+++++++++++++++...++++++++++>++++++++++.<.++
+++...>++++++++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
..+++++.+++++++++++++++....++++++++++.++++++++++.+++++.+++++...++++++++++.++++++
++++...++++++++++.+++++.+++++++++++++++.+++++..+++++..++++++++++.+++++++++++++++
.++++++++++.+++++..+++++++++++++++>+++++.+++++...++++++++++++++++++++.+++++..+++
++...+++++....+++++>.+++++>+++++>...+++++.......................................
...............................................+++++^^^
gpg: key 5C68118C marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024D/5C68118C 2011-07-19
Key fingerprint = 95F2 D66C 4313 839C 77FD F374 AAF6 0782 5C68 118C
uid My Givenname Surname
sub 4096g/5C7F1F26 2011-07-19
Export: (for copy & paste to CAcert website form GPG signing request)
gpg --export --armor>ascii-key-filename.extension
For debugging:
gpg -v ascii-key-filename.extension
FAQ:
1. Q: I have problems with my middlename (eg invalid chars)
A: remove middlename
}}}
=== Test Matrix for Testers ===
 1. create a new key, set expire option to '0'
 1. create a new key, set expire option > '0' (days, weeks, months, years)
 1. variations in the algorithm used
 1. variations in key length
=== Reporting ===
Report the results of each step you walk through under:<<BR>>
[[https://bugs.cacert.org/view.php?id=911]]

Add the parameters used in key generation to the report.

Report about 5 lines from the signed key:<<BR>>
Output -> gpg -vv your-signed-key.gpg<<BR>>
that include the "md5len" and "critical hashed subpkt" lines.

Sample:
{{{
:signature packet: algo 17, keyid 4BE7348177F751AC
version 4, created 1311159161, md5len 0, sigclass 0x10
digest algo 2, begin of digest 55 de
hashed subpkt 2 len 4 (sig created 2011-07-20)
critical hashed subpkt 3 len 4 (sig expires after 1y1d0h0m)
}}}
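Added example (not part of the original test instructions or CAcert's code): a small Python parser for the `gpg -vv` signature packet shown in the sample. It computes the signature expiry as creation time plus the lifetime in subpacket 3, and shows that reading the lifetime alone as an absolute Unix time gives 1971-01-02, the date seen in the error case. That this is the cause of bug 911 is an assumption; the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Signature packet copied from the sample on this page (gpg -vv output).
SAMPLE = """\
:signature packet: algo 17, keyid 4BE7348177F751AC
version 4, created 1311159161, md5len 0, sigclass 0x10
digest algo 2, begin of digest 55 de
hashed subpkt 2 len 4 (sig created 2011-07-20)
critical hashed subpkt 3 len 4 (sig expires after 1y1d0h0m)
"""

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
CREATED_RE = re.compile(r"\bcreated (\d+),")
# Subpacket 3 is the signature lifetime; key lifetime is a different subpacket.
LIFETIME_RE = re.compile(r"sig expires after (\d+)y(\d+)d(\d+)h(\d+)m")

def parse_signatures(listing):
    """Return one dict per ':signature packet:' block in the listing."""
    sigs, cur = [], None
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith(":"):  # any new packet ends the current block
            cur = None
            if line.startswith(":signature packet:"):
                cur = {"keyid": line.rsplit("keyid ", 1)[-1], "created": None, "lifetime": None}
                sigs.append(cur)
        elif cur is not None:
            if (m := CREATED_RE.search(line)):
                cur["created"] = int(m.group(1))
            if (m := LIFETIME_RE.search(line)):
                y, d, h, mi = map(int, m.groups())
                # gpg prints the lifetime with 365-day years, seconds dropped
                cur["lifetime"] = timedelta(days=365 * y + d, hours=h, minutes=mi)
    return sigs

def expiry(sig):
    """Creation time plus lifetime; None means the signature never expires."""
    if sig["created"] is None or sig["lifetime"] is None:
        return None
    return EPOCH + timedelta(seconds=sig["created"]) + sig["lifetime"]

def misread_as_absolute(sig):
    """What a display shows if the lifetime is treated as a Unix timestamp."""
    return EPOCH + sig["lifetime"]

if __name__ == "__main__":
    for s in parse_signatures(SAMPLE):
        print(s["keyid"], "expires", expiry(s), "| misread:", misread_as_absolute(s))
```

A tester can paste the `gpg -vv` output of a freshly signed key into `SAMPLE` and compare the computed expiry with the date shown in the view GPG keys list.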
=== Additional Tests ===
Find additional test variations yourself ...
'''''Happy testing'''''
----
. CategorySoftwareAssessment