Opened 4 weeks ago

Closed 4 weeks ago

Last modified 4 weeks ago

#30648 closed task (fixed)

Update GPG subkey in ldap

Reported by: mikeperry Owned by: anarcat
Priority: Medium Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Please update my gpg key in LDAP. It has not been updated since the subkeys expired. The new key is attached as a trac attachment.

Child Tickets

Attachments (2)

gpg-detached-sig.pub (37.1 KB) - added by mikeperry 4 weeks ago.
Updated version of Oh yikes! I had Updated subkeys of key C963C21D63564E2B10BB335B29846B3C683686CC
gpg-detached-sig.pub.asc (801 bytes) - added by mikeperry 4 weeks ago.
Detached sig

Download all attachments as: .zip

Change History (8)

comment:1 Changed 4 weeks ago by anarcat

Hello mike,

I'm confused: I have C963C21D63564E2B10BB335B29846B3C683686CC as your key in the keyring right now, and the key you provided is not signed with that key. How can I trust the public key you provide is the right one?

I would like your new key to be signed by the old one, or by a trusted key in the keyring.

Sorry for the trouble.

comment:2 Changed 4 weeks ago by mikeperry

Oh yikes! I had used an old interim key by accident. Yikes. Uploading the updated version of C963C21D63564E2B10BB335B29846B3C683686CC with a detached signature from C963C21D63564E2B10BB335B29846B3C683686CC

Sorry for the mixup.

Changed 4 weeks ago by mikeperry

Attachment: gpg-detached-sig.pub added

Updated version of Oh yikes! I had Updated subkeys of key C963C21D63564E2B10BB335B29846B3C683686CC

Changed 4 weeks ago by mikeperry

Attachment: gpg-detached-sig.pub.asc added

Detached sig

comment:3 Changed 4 weeks ago by anarcat

Owner: changed from tpa to anarcat
Status: newassigned

comment:4 Changed 4 weeks ago by anarcat

that signature is still not issued from a known key.

$ gpg --verify gpg-detached-sig.pub.asc  gpg-detached-sig.pub 
gpg: Signature made Tue May 28 00:00:47 2019 EDT
gpg:                using RSA key 660DDE645EEFF156
gpg: Can't check signature: No public key

but it looks like you're just adding new subkeys so i think i can add this, let me just double-check.

comment:5 Changed 4 weeks ago by anarcat

Resolution: fixed
Status: assignedclosed

committed and pushed, should propagated to all servers some time today...

comment:6 Changed 4 weeks ago by anarcat

internal note: mike's key had extra stuff in our git repo, so i re-exported it with "export-minimal" in a first commit, then re-exported it with the updated subkey here. here's what the diff looks like:

commit b55b30fe7fc298b510885b42689d08dd96c1e0d6
Author: Antoine Beaupré <anarcat@debian.org>
Date:   Tue May 28 11:58:25 2019 -0400

    re-export mikeperry's key using the correct export-minimal options
    
    This is in preparation for fixing #30648

diff --git a/mikeperry-C963C21D63564E2B10BB335B29846B3C683686CC.gpg b/mikeperry-C963C21D63564E2B10BB335B29846B3C683686CC.gpg
index 3fb0545..c5d4bf2 100644
--- a/mikeperry-C963C21D63564E2B10BB335B29846B3C683686CC.gpg
+++ b/mikeperry-C963C21D63564E2B10BB335B29846B3C683686CC.gpg
@@ -2,48 +2,9 @@ pub   rsa8192/29846B3C683686CC 2013-09-11 [SC]
       C963C21D63564E2B10BB335B29846B3C683686CC
 uid                           Mike Perry (Regular use key) <mikeperry@torproject.org>
 sig        29846B3C683686CC 2013-09-11   [selfsig]
-sig        1B0CA30CDDC6C0AD 2013-09-27   [User ID not found]
-sig        2F3E886DC0369345 2014-03-06   [User ID not found]
-sig        627DEE286B4D6475 2013-12-10   [User ID not found]
-sig        C009DB191C92A77B 2014-09-10   [User ID not found]
-sig        9768FD3CC48815F2 2014-07-04   VOISIN Julien <julien.voisin@dustri.org>
-sig        70BA0146F7164D08 2014-09-06   [User ID not found]
-sig        6192A717D09B9CAB 2014-10-16   [User ID not found]
-sig        CD974C9A394D633F 2014-11-15   [User ID not found]
-sig        98DDBB4E22CA2C83 2014-11-23   [User ID not found]
-sig        153FE398821C8394 2015-01-12   [User ID not found]
-sig        A993E7156E0E9923 2015-03-03   [User ID not found]
-sig        8E5F44BA68E689C5 2015-08-02   [User ID not found]
-sig        23451B107AA03941 2016-01-03   [User ID not found]
-sig        23275189B8E7626C 2016-02-08   [User ID not found]
 uid                           Mike Perry (Regular use key) <mikeperry@fscked.org>
-sig        C009DB191C92A77B 2014-09-10   [User ID not found]
 sig        29846B3C683686CC 2014-09-08   [selfsig]
-sig        6192A717D09B9CAB 2014-10-16   [User ID not found]
-sig        CD974C9A394D633F 2014-11-15   [User ID not found]
-sig        98DDBB4E22CA2C83 2014-11-23   [User ID not found]
-sig        153FE398821C8394 2015-01-12   [User ID not found]
-sig        A993E7156E0E9923 2015-03-03   [User ID not found]
-sig        8E5F44BA68E689C5 2015-08-02   [User ID not found]
-sig        23451B107AA03941 2016-01-03   [User ID not found]
-sig        23275189B8E7626C 2016-02-08   [User ID not found]
 uid                           Mike Perry <mikeperry@endarken.info>
 sig        29846B3C683686CC 2015-09-08   [selfsig]
-sig        23451B107AA03941 2016-01-03   [User ID not found]
-sig        23275189B8E7626C 2016-02-08   [User ID not found]
 uid                           Mike Perry <mikeperry@unencrypted.info>
 sig        29846B3C683686CC 2015-09-07   [selfsig]
-sig        23451B107AA03941 2016-01-03   [User ID not found]
-sig        23275189B8E7626C 2016-02-08   [User ID not found]
-sub   rsa4096/717F1F130E3A92E4 2013-09-11 [S] [expired: 2014-09-11]
-sig        29846B3C683686CC 2013-09-11   [keybind]
-sub   rsa4096/A3BD8153BC40FFA0 2013-09-11 [E] [expired: 2014-09-11]
-sig        29846B3C683686CC 2013-09-11   [keybind]
-sub   rsa4096/4102F895D2F1E186 2014-09-08 [S] [expired: 2015-09-08]
-sig        29846B3C683686CC 2014-09-08   [keybind]
-sub   rsa4096/6A98BF5993125AD5 2014-09-08 [E] [expired: 2015-09-08]
-sig        29846B3C683686CC 2014-09-08   [keybind]
-sub   rsa4096/E23BB32C0F129402 2015-09-07 [S] [expired: 2016-09-11]
-sig        29846B3C683686CC 2015-09-07   [keybind]
-sub   rsa4096/B0D1CB47ACC0A961 2015-09-07 [E] [expired: 2016-09-11]
-sig        29846B3C683686CC 2015-09-07   [keybind]

commit bf7e397a84e41f04e955f9dc33efad586498490d
Author: Antoine Beaupré <anarcat@debian.org>
Date:   Tue May 28 12:35:04 2019 -0400

    mikperry key renewal #30648

diff --git a/mikeperry-C963C21D63564E2B10BB335B29846B3C683686CC.gpg b/mikeperry-C963C21D63564E2B10BB335B29846B3C683686CC.gpg
index c5d4bf2..0501cbd 100644
--- a/mikeperry-C963C21D63564E2B10BB335B29846B3C683686CC.gpg
+++ b/mikeperry-C963C21D63564E2B10BB335B29846B3C683686CC.gpg
@@ -8,3 +8,7 @@ uid                           Mike Perry <mikeperry@endarken.info>
 sig        29846B3C683686CC 2015-09-08   [selfsig]
 uid                           Mike Perry <mikeperry@unencrypted.info>
 sig        29846B3C683686CC 2015-09-07   [selfsig]
+sub   rsa4096/660DDE645EEFF156 2019-01-23 [S] [expires: 2020-12-22]
+sig        29846B3C683686CC 2019-01-23   [keybind]
+sub   rsa4096/BB87D54A948287DE 2019-01-23 [E] [expires: 2020-12-22]
+sig        29846B3C683686CC 2019-01-23   [keybind]

Note: See TracTickets for help on using tickets.