author | Kai Michaelis <kai@sequoia-pgp.org> | 2019-01-17 16:04:24 +0100 |
---|---|---|
committer | Kai Michaelis <kai@sequoia-pgp.org> | 2019-01-17 19:02:43 +0100 |
commit | a42be8e74e576c871157aabe6894427347cbd117 (patch) | |
tree | 9381562ca66ba1851daf1be42fe548026b98bbc1 /sqv/src | |
parent | ddf8b43b70e9b89237fe8a8f946582ed7878e367 (diff) |
sqv: check if a key wasn't revoked at signature ctime.
Closes #44
Diffstat (limited to 'sqv/src')
-rw-r--r-- | sqv/src/sqv.rs | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/sqv/src/sqv.rs b/sqv/src/sqv.rs
index a1f0c523..ca11d035 100644
--- a/sqv/src/sqv.rs
+++ b/sqv/src/sqv.rs
@@ -14,7 +14,7 @@ use std::process::exit;
 use std::fs::File;
 use std::collections::{HashMap, HashSet};
-use openpgp::{TPK, Packet, packet::Signature, KeyID};
+use openpgp::{TPK, Packet, packet::Signature, KeyID, RevocationStatus};
 use openpgp::constants::HashAlgorithm;
 use openpgp::parse::{Parse, PacketParserResult, PacketParser};
 use openpgp::tpk::TPKParser;
@@ -251,6 +251,28 @@ fn real_main() -> Result<(), failure::Error> {
 issuer);
 break;
 }
+
+ // check key was valid at sig creation time
+ let binding = tpk
+ .subkeys()
+ .find(|s| {
+ s.subkey().fingerprint() == key.fingerprint()
+ });
+ if let Some(binding) = binding {
+ if binding.revoked(t) != RevocationStatus::NotAsFarAsWeKnow {
+ eprintln!(
+ "Key was revoked when the signature \
+ was created.");
+ break;
+ }
+ }
+
+ if tpk.revoked(t) != RevocationStatus::NotAsFarAsWeKnow {
+ eprintln!(
+ "Primary key was revoked when the \
+ signature was created.");
+ break;
+ }
 } else {
 eprintln!(
 "Signature by {} does not contain \ |
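Review bot: Both revocation checks in the second hunk evaluate the key at `t`, which per the commit title is the creation time stored in the signature itself, so the value is chosen by whoever made the signature and is not independently trusted. If `revoked(t)` only reports revocations already in effect at `t` (its implementation is not visible here), a key revoked because it was compromised would still pass for a signature that carries an earlier creation time; revocations with a key-compromise reason should reject the signature regardless of `t`. Until the revocation reason is taken into account, I would record the limitation above the check, e.g. `// NOTE: t comes from the signature; a revocation for key compromise must apply regardless of t`. The two new `eprintln!` messages also omit the key, unlike the neighbouring `Signature by {} ...` message, which makes a rejected signature harder to trace in logs. The enclosing `real_main` body starts and ends outside the hunk.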