Nitrokey / pynitrokey

Python client for Nitrokey devices
Apache License 2.0

Repo not signed by a valid (non-expired) key #383

Closed bwildenhain closed 1 year ago

bwildenhain commented 1 year ago

The last commits of this repository were done using @szszszsz's GnuPG key, which expired (see https://github.com/Nitrokey/pynitrokey/commits/master or "git verify-commit HEAD"). Would it be possible to update this key to be able to verify the repo's authenticity again?

robin-nitrokey commented 1 year ago

Until the key on GitHub is updated, you can find the valid key here.

szszszsz commented 1 year ago

Hi! Weird, I updated it a long time ago (I would not be able to use it for signing otherwise). I guess I sent it to the wrong key server (Ubuntu's?), hence the confusion. I'll recheck.

Edit: It looks good here:

szszszsz commented 1 year ago

Looks good on my side:

~/w/gpg [1]$ podman run -it -v (pwd):/app --rm fedora
[root@1e61dadf6b45 /]# dnf install gpg
Fedora 38 - x86_64                                                        7.2 MB/s |  83 MB     00:11
Fedora 38 openh264 (From Cisco) - x86_64                                  495  B/s | 2.5 kB     00:05
Fedora Modular 38 - x86_64                                                953 kB/s | 2.8 MB     00:02
Fedora 38 - x86_64 - Updates                                              8.3 MB/s |  12 MB     00:01
Fedora Modular 38 - x86_64 - Updates                                      173  B/s | 257  B     00:01
Package gnupg2-2.4.0-3.fc38.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@1e61dadf6b45 /]# gpg --recv-key d9bae35991de5b22
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key D9BAE35991DE5B22: public key "Szczepan Zalega <szczepan.zalega@gmail.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
[root@1e61dadf6b45 /]# gpg --list-key
/root/.gnupg/pubring.kbx
------------------------
pub   rsa4096 2016-01-11 [SC] [expires: 2024-01-17]
      868184069239FF65DE0BCD7DD9BAE35991DE5B22
uid           [ unknown] Szczepan Zalega <szczepan.zalega@gmail.com>
uid           [ unknown] Szczepan Zalega (Nitrokey) <szczepan@nitrokey.com>
sub   rsa4096 2016-01-11 [E] [expires: 2024-01-17]

What key server do you use?

robin-nitrokey commented 1 year ago

I think this is about the key that you add to your GitHub profile.

szszszsz commented 1 year ago

Ok, looks like GH had a hiccup, and now after a reupload (to GH) it does not show the key as expired. It had been refreshing it automatically for the last 4 years before, though.

szszszsz commented 1 year ago

Closing. @bwildenhain Please reopen if that hasn't fixed your case.
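
The mismatch in this thread (the keyserver copy listed an expiry of 2024-01-17 while GitHub showed the key as expired until it was re-uploaded) can be checked mechanically. The following is an added example, not part of the thread or of pynitrokey: it compares two copies of a key in `gpg --with-colons` format and reports a key that is expired in one copy but still valid in the other. The function names, the stale copy's expiry date, the subkey values and the reference time are constructed, and it assumes GnuPG 2.x, which prints dates as epoch seconds.

```shell
#!/bin/sh
# Added example (not from the thread). Input is `gpg --with-colons` output,
# e.g. from `gpg --show-keys --with-colons key.asc`; GnuPG 2.x prints dates
# as epoch seconds (assumption).

# key_status NOW  (listing on stdin)
# One line per primary key: "<fingerprint> <expired|valid|no-expiry> <expiry|->"
key_status() {
    awk -F: -v now="$1" '
        $1 == "pub" { expires = $7; want_fpr = 1; next }
        $1 == "fpr" && want_fpr {        # first fpr after pub = primary key
            want_fpr = 0
            if (expires == "")               state = "no-expiry"
            else if (expires + 0 <= now + 0) state = "expired"
            else                             state = "valid"
            print $10, state, (expires == "" ? "-" : expires)
        }'
}

# stale_copies NOW LISTING_A LISTING_B
# Fingerprints that are expired in copy A but still usable in copy B.
stale_copies() {
    printf '%s\n' "$2" | key_status "$1" | awk '$2 == "expired" { print $1 }' |
    while read -r fpr; do
        if printf '%s\n' "$3" | key_status "$1" |
           grep -Eq "^$fpr (valid|no-expiry) "; then
            printf '%s\n' "$fpr"
        fi
    done
}

# Constructed sample: a copy that never received the extended expiry.
# The 2023-01-01 expiry and the all-zero subkey values are made up.
STALE_COPY='pub:e:4096:1:D9BAE35991DE5B22:1452470400:1672531200::-:::sc:
fpr:::::::::868184069239FF65DE0BCD7DD9BAE35991DE5B22:
sub:e:4096:1:0000000000000000:1452470400:1672531200:::::e:
fpr:::::::::0000000000000000000000000000000000000000:'

# Constructed sample matching the listing in the thread (expires 2024-01-17).
FRESH_COPY='pub:-:4096:1:D9BAE35991DE5B22:1452470400:1705449600::-:::sc:
fpr:::::::::868184069239FF65DE0BCD7DD9BAE35991DE5B22:
sub:-:4096:1:0000000000000000:1452470400:1705449600:::::e:
fpr:::::::::0000000000000000000000000000000000000000:'

# Evaluated at 2023-07-01 00:00 UTC (constructed reference time).
stale_copies 1688169600 "$STALE_COPY" "$FRESH_COPY"
```

A fingerprint printed by `stale_copies` means the first source is serving an outdated copy of a key whose owner has already extended it, so the fix is to re-publish the key there rather than to re-sign anything.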