Using GPG to get certificate expiration data


I am trying to get cert expiration data from a .PGP file, so I ran this command:

$ gpg --list-packets ./mycert.pgp

This is the resultant output, with the parts I perceive as relevant highlighted using the notation “<-------- HERE”:

# off=0 ctb=99 tag=6 hlen=3 plen=269
:public key packet:
        version 4, algo 1, created 1658851728,expires 0   <-------- HERE
        pkey[0]: [2048 bits]
        pkey[1]: [17 bits]
        keyid: 067A7B47D1B82B2E
# off=272 ctb=b4 tag=13 hlen=2 plen=59
:user ID packet: "Chuck Smith [email protected]"
# off=333 ctb=89 tag=2 hlen=3 plen=320
:signature packet: algo 1, keyid 067A7B47D1B82B2E
        version 4, created 1658851728, md5len 0, sigclass 0x10
        digest algo 8, begin of digest 31 67
        hashed subpkt 2 len 4 (sig created 2022-07-26)   <-------- HERE
        hashed subpkt 9 len 4 (key expires after 1y98d0h0m)  <-------- HERE
        hashed subpkt 11 len 8 (pref-sym-algos: 2 1 3 7 8 9 10 4)

…and so on. It goes on and on, but these are the parts I spotted that seemed to be about expiration.

The first line I called out says “expires 0” and seems to me to imply that the cert will never expire. The second and third call-outs seem to imply an expiration date that’s already passed (July 26th, 2022 plus 1 year, 98 days).

The second and third lines seem more explicit. The first line is much more terse. So, if you showed me this data without context, and pressed me for an answer, I would probably say “this cert is expired.”

However, so far as I can tell, this cert continues to work well for the purpose I am using it for (asymmetric key encryption for a recipient outside my company). Everyone is still getting their data and is able to decrypt it.

So, I have two theories:

  1. The cert is expired, but the key-pair remains mathematically valid for encryption purposes. We’re still using it, and neither of us cares to validate or enforce the putative expiration date.

  2. The cert really does never expire, as per the first line I called out. The GPG output format is a bit obscure, and the second and third line I called out mean something, but they don’t represent the data I am looking for.

I am leaning towards option 1 above, but I am curious what others know about this. Thanks!
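The arithmetic behind the two highlighted subpackets, as an added example that is not part of the original post: for a v4 OpenPGP key the public key packet carries no expiry field (gpg prints "expires 0" for it), and the governing value is hashed subpacket 9 of the self-signature, a duration counted from the key's creation time. The parser below reads the `--list-packets` text quoted above and turns that duration into an absolute date; it assumes gpg's own rendering of the duration, in which a year is 365 days.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the relevant lines of the listing quoted in the question.
SAMPLE = """\
# off=0 ctb=99 tag=6 hlen=3 plen=269
:public key packet:
        version 4, algo 1, created 1658851728,expires 0
        keyid: 067A7B47D1B82B2E
# off=333 ctb=89 tag=2 hlen=3 plen=320
:signature packet: algo 1, keyid 067A7B47D1B82B2E
        version 4, created 1658851728, md5len 0, sigclass 0x10
        hashed subpkt 2 len 4 (sig created 2022-07-26)
        hashed subpkt 9 len 4 (key expires after 1y98d0h0m)
"""

# Creation time of the primary key, a Unix timestamp in the key packet.
CREATED_RE = re.compile(
    r"^:public key packet:\n\s+version \d+, algo \d+, created (\d+)", re.M)
# Subpacket 9: key expiration as a duration relative to the creation time.
EXPIRES_RE = re.compile(
    r"hashed subpkt 9 len 4 \(key expires after (\d+)y(\d+)d(\d+)h(\d+)m\)")


def parse_duration(y, d, h, m):
    """gpg prints the duration with 365-day years (assumption: strtimevalue)."""
    return timedelta(days=int(y) * 365 + int(d), hours=int(h), minutes=int(m))


def key_expiry(listing):
    """Return (created, expires) as UTC datetimes.

    expires is None when no subpacket 9 is present, which means the key does
    not expire; "expires 0" in the key packet itself says nothing for v4 keys.
    """
    m = CREATED_RE.search(listing)
    if not m:
        raise ValueError("no public key packet found")
    created = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
    e = EXPIRES_RE.search(listing)
    if not e:
        return created, None
    return created, created + parse_duration(*e.groups())


def is_expired(listing, now_ts):
    """True if the key's expiry (if any) is at or before Unix time now_ts."""
    _, expires = key_expiry(listing)
    return expires is not None and expires.timestamp() <= now_ts


if __name__ == "__main__":
    created, expires = key_expiry(SAMPLE)
    print("created:", created.isoformat(), "expires:", expires.isoformat())
```

A real listing may carry several self-signatures; the most recent one governs, and a newer self-signature without subpacket 9 removes the expiry.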
