= Software Current Tests - Bug 911 (GPG key expired bug) =

 ||<#00FF00> '''2011-07-20 00:00 - Bug 911 last updated''' ||

== Background Information, Instructions ==

== Testserver Links ==
   || [[Software/CurrentTest|Main Entry Info Page for Software Testers]] || [[Software/CurrentTest]] ||
   || [[http://cacert1.it-sls.de|Testserver Main Entry Page]] || [[http://cacert1.it-sls.de]] ||
   || [[https://ca-mgr1.it-sls.de/login|Testserver Mgmt System Entry Page]] || [[https://ca-mgr1.it-sls.de/login]] ||
   || [[Software/Assessment/TestserverManagementSystem|Testserver Mgmt System Docu]] || [[Software/Assessment/TestserverManagementSystem]] ||
   || [[Software/Assessment/FAQ|Testers and Developers FAQ]] || [[Software/Assessment/FAQ]] ||
   || [[https://bugs.cacert.org|Bugtracker (for reporting)]] || [[https://bugs.cacert.org]] ||

== Testserver 1: http://cacert1.it-sls.de ==


<<BR>>

 || 14.1 || Patch || (!) [[https://bugs.cacert.org/view.php?id=911|Bugs # 911]] {*} {*} ||
 || 14.2 || Developer || NEO ||
 ||<^> 14.3 ||<^> Purpose of patch || 0000911: Wrong expiration time in newly added GPG Key if Key has no Expire date ||
 ||<^> 14.4 ||<^> Patch Area || GPG/PGP keys ||
 || 14.5 || Patch Testing Requirements || assured member, at least 50 pts ||
 ||<^> 14.6 ||<^> Remarks || test GPG keys with and without expiry date set<<BR>>[[Software/CurrentTest/bug911|Bug 911 - Instructions/Infos]] ||

== Instructions and Sample Test Matrix for Software Testers ==

=== Introduction ===

In the error case, users saw freshly created GPG keys listed as expired in the "view GPG keys" list, with the date "1971-01-02" in the expires field, whether or not an expiry date had been set when the key was generated.


==== CAcert's points system for Assurees and Assurers is as follows: ====

 || 0-49 pts || Assurance points, Certs expire after 1/2 year ||
 || 50-99 pts || Assurance points, Certs expire after 2 years; addtl. GPG/PGP keys can be added ||
 || 100 pts   || Fully Assured (same as 50-99) ||
 || 100 pts   || CATS will be added and activated if CATS passed<<BR>>Possibility to request Codesigning (adding Codesigning flag onto the account possible)<<BR>>Possibility to assure others ||
 || (100+) 0-50 pts  ||   Experience points; for each assurance you'll receive 2 experience points ||

==== The GPG key and the Expiry date shown in GPG view keys list ====

A note towards the expire date as shown by CAcert: There is a bug which has hopefully been fixed on the test system but from what I gather from the comments above there is also a misunderstanding:

The expiry date shown is not that of the key itself but of the signature of CAcert.<<BR>>
That means your key will still be valid in general, but the signature that CAcert did on your key will expire, so you just have to re-sign it to get a valid signature again.

Unfortunately most GUI tools don't show the expiration of a signature.<<BR>>
On the command line you can check out the validity of the signatures on a key by running<<BR>>
"gpg --check-sigs <key-ID>". The "X" indicates an eXpired signature.  


=== Preliminaries ===

For this test you'll need:

 * one account with at least 50 assurance points.

 * GnuPG installed on your local machine (to create gpg keys)


=== Instructions to create pgp test keys ===

   {{{
gpg --gen-key
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? -> 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) -> 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) -> Enter
Key does not expire at all
Is this correct? (y/N) -> y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: -> My Givenname Surname
Email address: -> my@email.tld
Comment: 
You selected this USER-ID:
    "My Givenname Surname <my@email.tld>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? -> o
You need a Passphrase to protect your secret key.

Enter passphrase: -> enter a passphrase
Repeat passphrase: -> enter your passphrase
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++++++++++++...++++++++++.+++++++++++++++++++++++++.+++++++++++++++++++++++++
+++++..+++++.++++++++++..++++++++++.+++++++++++++++...++++++++++>++++++++++.<.++
+++...>++++++++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
..+++++.+++++++++++++++....++++++++++.++++++++++.+++++.+++++...++++++++++.++++++
++++...++++++++++.+++++.+++++++++++++++.+++++..+++++..++++++++++.+++++++++++++++
.++++++++++.+++++..+++++++++++++++>+++++.+++++...++++++++++++++++++++.+++++..+++
++...+++++....+++++>.+++++>+++++>...+++++.......................................
...............................................+++++^^^
gpg: key 5C68118C marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   1024D/5C68118C 2011-07-19
      Key fingerprint = 95F2 D66C 4313 839C 77FD  F374 AAF6 0782 5C68 118C
uid                  My Givenname Surname <my@email.tld>
sub   4096g/5C7F1F26 2011-07-19


Export:  (for copy & paste to CAcert website form GPG signing request)
gpg --export --armor>ascii-key-filename.extension


For debugging:
gpg -v ascii-key-filename.extension


FAQ:
1. Q: I have problems with my middlename (eg invalid chars)
    A: remove middlename

}}}



 
=== Test Matrix for Testers ===
 1. create a new key, set expire option to '0'
 1. create a new key, set expire option > '0'  (days, weeks, months, years)
 1. variations in the algorithm used
 1. variations in key length

=== Reporting ===

Report the results of each step you walk through under:<<BR>>
 [[https://bugs.cacert.org/view.php?id=911]]

Add the parameters used for key generation to the report.

Also include about 5 lines of the output for the signed key:<<BR>>
Output ->  gpg -vv your-signed-key.gpg<<BR>>
covering the "md5len" and "critical hashed subpkt" lines.

sample:
 {{{
    :signature packet: algo 17, keyid 4BE7348177F751AC
        version 4, created 1311159161, md5len 0, sigclass 0x10
        digest algo 2, begin of digest 55 de
        hashed subpkt 2 len 4 (sig created 2011-07-20)
        critical hashed subpkt 3 len 4 (sig expires after 1y1d0h0m)
}}}
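
To check a reported signature packet, the following added example (not part of the original page or of CAcert's code) parses `gpg -vv` signature packets and computes the absolute expiry as creation time plus the lifetime in subpacket 3. It also shows that the sample's 1y1d lifetime, read as an absolute Unix timestamp instead of an offset, lands on 1971-01-02, the date seen in the error case; the page does not state the root cause, so treat that as an observation only. The function names are illustrative.

```python
import re
from datetime import datetime, timezone

# Constructed input: the signature packet quoted in the sample above.
SAMPLE = """\
    :signature packet: algo 17, keyid 4BE7348177F751AC
        version 4, created 1311159161, md5len 0, sigclass 0x10
        digest algo 2, begin of digest 55 de
        hashed subpkt 2 len 4 (sig created 2011-07-20)
        critical hashed subpkt 3 len 4 (sig expires after 1y1d0h0m)
"""

# gpg prints the lifetime with 1y = 365 days and drops the seconds.
UNIT_SECONDS = {"y": 365 * 86400, "d": 86400, "h": 3600, "m": 60}

def parse_signatures(text):
    """Return one dict per ':signature packet:' block in `gpg -vv` output."""
    sigs, cur = [], None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith(":"):  # every packet header starts a new packet
            m = re.match(r":signature packet: algo \d+, keyid ([0-9A-Fa-f]+)", s)
            cur = {"keyid": m.group(1), "created": None, "lifetime": None} if m else None
            if cur:
                sigs.append(cur)
            continue
        if cur is None:
            continue  # line belongs to a non-signature packet
        m = re.search(r"\bcreated (\d+),", s)
        if m:
            cur["created"] = int(m.group(1))
        m = re.search(r"sig expires after (\d+)y(\d+)d(\d+)h(\d+)m", s)
        if m:
            cur["lifetime"] = sum(
                int(n) * UNIT_SECONDS[u] for n, u in zip(m.groups(), "ydhm"))
    return sigs

def expiry(sig):
    """Subpacket 3 is an offset from creation: expiry = created + lifetime."""
    if sig["lifetime"] is None:
        return None  # no expiration subpacket, the signature does not expire
    return datetime.fromtimestamp(sig["created"] + sig["lifetime"], timezone.utc)

def lifetime_as_absolute(sig):
    """The same lifetime misread as an absolute Unix timestamp."""
    return datetime.fromtimestamp(sig["lifetime"], timezone.utc)

if __name__ == "__main__":
    for s in parse_signatures(SAMPLE):
        print(s["keyid"], "expires", expiry(s), "| misread:", lifetime_as_absolute(s))
```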

=== Additional Tests ===

Find additional test variations yourself ...


'''''Happy testing'''''

----
 . CategorySoftwareAssessment