Skip to content

do not use revoked keys to make signatures

it seems that monkeyscan and monkeysign are both enthusiastically using revoked keys to make signatures.

the problem was worse before 7c774efe was applied because those keys were non-functional in the tmp keyring, but it's not much better if they work: we don't want to sign stuff with those keys, unless absolutely necessary (?).

this is imported from #766129 in the Debian BTS. It is harder to reproduce than other issues because we need an expired secret key to work with - something that is not easily created or in the test suite at the moment.

however, there is a patch from the geysigning people here: https://lists.riseup.net/www/arc/monkeysphere/2015-02/msg00009.html

it is part of the dev/revoked branch here. my only concern with it is whether we should avoid calling list-keys twice because 2.1 fixes the specific problem we're having with missing r flags...

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information