From nobody Thu Nov 4 19:17:42 2021 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 7F4DC183FF30 for ; Thu, 4 Nov 2021 19:17:45 +0000 (UTC) (envelope-from gjb@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HlYLd3Dkdz3trX; Thu, 4 Nov 2021 19:17:45 +0000 (UTC) (envelope-from gjb@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1636053465; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=QEgd5EVyS/WV6r4fLBZod7jcD5DQ8gZdPzTOxR+6oA8=; b=ine2Me5xHOyeU5zzHU/ciFEKNWPkMODUJ0qDpr73jtrA/fTHDc0W3w/MormIEJ64NT3p+e p+PUUa0SJiRTERKfsEufIs/nvt06YsaEz4sifohofTvsS/lYRigUyyyfVefQ6uwWDIcQL7 I1QY6cEqA7kbwuhBeALsvzm4Na1f3Hp0e+ZB1Td0qa4Bzf5/Q19pY/8F31cHruXu42uILi h8yBlEPKVLX9Xvo+y5Qe4ezCbgLavW3VG+lNO35fuSb7N5MCcmtveuV5lnn2yROs66FyGe dxA1KNOHBqOMbT73EYecphCMzxRg1T974bJ4x+KBpXK5FXpdWIYNqDuY+PBTLw== Received: from FreeBSD.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by freefall.freebsd.org (Postfix) with ESMTPS id E72EE1DCB0; Thu, 4 Nov 2021 19:17:44 +0000 (UTC) (envelope-from gjb@freebsd.org) Date: Thu, 4 Nov 2021 19:17:42 +0000 From: Glen Barber To: Pat Cc: "freebsd-security@freebsd.org" Subject: Re: Expired key for signed checksums Message-ID: <20211104191742.GK69504@FreeBSD.org> References: List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="jcZk2Ix8j3PVOBnV" Content-Disposition: inline In-Reply-To: ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1636053465; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=QEgd5EVyS/WV6r4fLBZod7jcD5DQ8gZdPzTOxR+6oA8=; b=CUwJECWsUaOfqLgev1tiwKUTUTH9NmuvzEMg61RHM6P3U6nAJmpyMag9lnsA1kRJ+M8yAm +Mzi/oabeeO1goMSAuJqQEhTSEDO6nFgqw4f1YKtPS0OTnNMqITZN6rqoCTBJC6jzLRYmj k+PGry7ARqQO8t3RjBdxxzEE4SVKEF97RYVo3Bn2e/htj7+h53NAQIpkD6oET20Nu404s0 DdEgVIMfPS1rwQI+Xs8tyagd1T+qOz88QTWRLdo3zCYiLh6bw5hlBi4pFyuORcWleeFxXn Hg5s/PrqMI0Lrke/eUbGbVBhYqkGcAgZuU6zcYMUgtdso+JzPEy3rpakWKTNfw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1636053465; a=rsa-sha256; cv=none; b=FXDKMsQ1oiFWz0SiD5JeWjlgUlQZZTpyV6XkrDqwGHyqOwnmBylUgiv/4gS65Fv2TWowjs Cwzts+9xwfxKpi7c/IOyifZ+X1XvMrKa2SGy/cHP7ycJ8EAa9DM670kclsserwgElYiNQ8 JhCw7/1GWqAgqsLn2AIvluLHwiEsQfGJsYFJO8vyqr9Nx21SOUvWI6mx/gD161lWV7GXUt hSvsDfkmuiJwGRhm+ZYkRb52JU28qvE+MGri2ZqTKWC6iNc5Jhdamm/n/JRdRkI6eioSpi PaUMCpmHYXMvZwRVVaAkkAnqHm31UbF3N0fvw8UOoc346XxxzPZtV3Du+9UWvg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N --jcZk2Ix8j3PVOBnV Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Nov 04, 2021 at 07:01:50PM +0000, Pat via freebsd-security wrote: > Hello, >=20 > I am trying to verify the signed checksum file for FreeBSD 13, but the ke= y that > gets checked is showing to be expired: > $ gpg --keyserver-options auto-key-retrieve \ > --keyserver hkps://keyserver.ubuntu.com:443 \ > --verify CHECKSUM.SHA256-FreeBSD-13.0-RELEASE-amd64.asc > gpg: Signature made Tue Apr 13 10:45:44 2021 CDT > gpg: using RSA key 8D12403C2E6CAB086CF64DA3031458A5478FE293 > gpg: requesting key 031458A5478FE293 from hkps server keyserver.ubuntu.com > gpg: key 524F0C37A0B946A3: 76 signatures not checked due to missing keys > gpg: key 524F0C37A0B946A3: public key "Glen Barber " imp= orted > gpg: no ultimately trusted keys found > gpg: Total number processed: 1 > gpg: imported: 1 > gpg: Good signature from "Glen Barber " [expired] > gpg: aka "Glen Barber " [expired] > gpg: aka "Glen Barber " [expired] > gpg: aka "Glen Barber " [expired] > gpg: Note: This key has expired! > Primary key fingerprint: 78B3 42BA 26C7 B2AC 681E A7BE 524F 0C37 A0B9 46A3 > Subkey fingerprint: 8D12 403C 2E6C AB08 6CF6 4DA3 0314 58A5 478F E293 >=20 > It does not matter what keyserver I try, I get the same expiration messag= e. Yet > I see the key expiration was bumped[0]. How would I go about getting the = updated > key? Or am I just going about this all wrong? >=20 https://docs.freebsd.org/en/articles/pgpkeys/#_glen_barber_gjbfreebsd_org Glen --jcZk2Ix8j3PVOBnV Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjRJAPC5sqwhs9k2jAxRYpUeP4pMFAmGEMdYACgkQAxRYpUeP 4pOb4Q//Wc9ccrIWoYvZHokDPWnSqQp8nJxfMsyiNgom35gNjSPdfBUsBs8pm67E QG65LKIquu6V5IKP01AiVUkDzFjoB6zlNTEUfYQv0kSRbjMhvV2yElNikPvTQyBU 8NlBFzHhOsC9rOf6Lm26a+lAwPTWKZ2l6o9wDa/wBMY822RMWXUzmHQpB3LcjDdU m4XAMkSNGcbuGMQrDbXBqfatihLeUgEnnoGgZWbUwvfJrkH6wFF4BI0BGbwzY7ld 9qCqI2u2lNVSSWyNaStgstwm5VpWY8JuH4fdCQqaA4WrtdfSovfNfzAmvyhzw7jz B3nKAWsMyt97Xy7RnOI5u8HsaLqgPmpSNKk8Y0rZcBEokY+lJ7ZK5rMfMG5oYKUE Zi+DoFwBnXx7bD3KbgAoZ2XzqiIe21F+/3nSv/GhuuGKQz0NuaEQFbGUum1YPFkr q3G2qVajhUxQQh336O4s6+89KcSmFvrIv9mD6kkYo5XhpIZfGY4SFqBAuUfSEUgA i6LGrooMMBZATFIvHZNjllUOHhDDU+kLyvUloLWDQE9HjexZtNeiVTpBpLFQOJyW f3iuwOsPo8C64MME6ksulU9ecXoA89WkruZgAabg8R0ZQdHALEUfYCLzAUV8dsHi Kn1irNTlmBNbfE5Vs7obQSJtFF6pzoyldk1H/DnS1QPeH0gStUo= =Bujy -----END PGP SIGNATURE----- --jcZk2Ix8j3PVOBnV--