authorKai Michaelis <kai@sequoia-pgp.org>2019-01-17 16:04:24 +0100
committerKai Michaelis <kai@sequoia-pgp.org>2019-01-17 19:02:43 +0100
commita42be8e74e576c871157aabe6894427347cbd117 (patch)
tree9381562ca66ba1851daf1be42fe548026b98bbc1 /sqv/src
parentddf8b43b70e9b89237fe8a8f946582ed7878e367 (diff)
sqv: check if a key wasn't revoked at signature ctime.
Closes #44
Diffstat (limited to 'sqv/src')
-rw-r--r--sqv/src/sqv.rs24
1 files changed, 23 insertions, 1 deletions
diff --git a/sqv/src/sqv.rs b/sqv/src/sqv.rs
index a1f0c523..ca11d035 100644
--- a/sqv/src/sqv.rs
+++ b/sqv/src/sqv.rs
@@ -14,7 +14,7 @@ use std::process::exit;
use std::fs::File;
use std::collections::{HashMap, HashSet};
-use openpgp::{TPK, Packet, packet::Signature, KeyID};
+use openpgp::{TPK, Packet, packet::Signature, KeyID, RevocationStatus};
use openpgp::constants::HashAlgorithm;
use openpgp::parse::{Parse, PacketParserResult, PacketParser};
use openpgp::tpk::TPKParser;
@@ -251,6 +251,28 @@ fn real_main() -> Result<(), failure::Error> {
issuer);
break;
}
+
+ // check key was valid at sig creation time
+ let binding = tpk
+ .subkeys()
+ .find(|s| {
+ s.subkey().fingerprint() == key.fingerprint()
+ });
+ if let Some(binding) = binding {
+ if binding.revoked(t) != RevocationStatus::NotAsFarAsWeKnow {
+ eprintln!(
+ "Key was revoked when the signature \
+ was created.");
+ break;
+ }
+ }
+
+ if tpk.revoked(t) != RevocationStatus::NotAsFarAsWeKnow {
+ eprintln!(
+ "Primary key was revoked when the \
+ signature was created.");
+ break;
+ }
} else {
eprintln!(
"Signature by {} does not contain \
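Review bot: The new `binding.revoked(t)` and `tpk.revoked(t)` checks are evaluated only at `t`, which per the added comment is the signature creation time and so appears to be a value read from the signature itself. If `revoked(t)` ignores revocations issued after `t`, a key later revoked for compromise would still verify any signature that claims an earlier creation time, and the holder of the compromised key chooses that time. Revocations whose reason is key compromise should reject the signature regardless of `t`; at minimum record the limitation next to the check, e.g. `// NOTE: t is read from the signature; a revocation for key compromise should apply regardless of t`. The comment `// check key was valid at sig creation time` also reads broader than the code, which tests revocation only and not expiry. The enclosing `real_main` starts and ends outside this hunk, so where `t` is set cannot be confirmed from here.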