Bug 113190 - [Digital-Signatures][OpenPGP] Revoked and expired keys are listed as available OpenPGP keys
Summary: [Digital-Signatures][OpenPGP] Revoked and expired keys are listed as availabl...
Status: VERIFIED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice (show other bugs)
Version:
(earliest affected)
5.4.0.0.alpha0+
Hardware: All All
: medium normal
Assignee: Thorsten Behrens (CIB)
URL:
Whiteboard: target:6.0.0 target:5.4.4
Keywords:
Depends on:
Blocks: Digital-Signatures
  Show dependency treegraph
 
Reported: 2017-10-17 14:51 UTC by Eike Rathke
Modified: 2017-10-19 19:36 UTC (History)
1 user (show)

See Also:
Crash report or crash signature:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Eike Rathke 2017-10-17 14:51:04 UTC
In the Digital Signatures -> Sign Document | Select Certificate dialog, revoked and expired keys are listed as available. While the Expiration date is listed, there's no indication of revoked keys.

Revoked and expired keys should not be listed at all as they can't be used for signing.
Comment 1 Commit Notification 2017-10-18 13:07:56 UTC
Thorsten Behrens committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=087a90e27b7219e8c1aaa880b39376c94a0dcaae

gpg4libre fix tdf#113190 don't show expired/invalid keys

It will be available in 6.0.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 2 Thorsten Behrens (CIB) 2017-10-18 13:12:57 UTC
Eike reports it fixed, I had issues before with gpgme misbehaving on key attributes; hope the fix works for the majority of users out there.
Comment 3 Eike Rathke 2017-10-18 13:25:31 UTC
Verified works for me..
Comment 4 Commit Notification 2017-10-19 19:36:46 UTC
Thorsten Behrens committed a patch related to this issue.
It has been pushed to "libreoffice-5-4":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=561d25301bf2a04a2cd34f1674a792167cf5f43b&h=libreoffice-5-4

gpg4libre fix tdf#113190 don't show expired/invalid keys

It will be available in 5.4.4.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.