search

keybase / client

Keybase Go Library, Client, Service, OS X, iOS, Android, Electron
BSD 3-Clause "New" or "Revised" License
8.9k stars 1.23k forks source link

The signer of this message is unknown to Keybase #4842

Closed BrandonIngalls closed 7 years ago

BrandonIngalls commented 7 years ago

About

I was revisiting a backup I made a few months ago that was encrypted using keybase, the archive contains a checksum file with a detached signature signed by the keybase client. When I went to verify the signature I received this message.

[~]$ keybase verify -d 20160529.webserver.root.tar.gz.saltpack.hashes.saltpack -i 20160529.webserver.root.tar.gz.saltpack.hashes
Signature verified. The signer of this message is unknown to Keybase.
Signing key ID: 0120bbcfcd9be52b65e21771063edf403e3fd23ee0eabf0f9b8a889603e92d5034280a.

The signature was made with a device key which has since been revoked, I am not sure how I expect keybase to relay this information to me, but I don't think an all green message is the right way to go. It would be nice to have information other than this is a valid signature by an unknown person.

Version Information

[~]$ keybase version
Client:  1.0.18-20161112002654+1498da0
Service: 1.0.18-20161112002654+1498da0

[~]$ rpm -qi keybase
Name        : keybase
Version     : 1.0.18.20161112002654.1498da0
Release     : 1
Architecture: x86_64
Install Date: Sat 12 Nov 2016 10:49:29 AM EST
Group       : Unspecified
Size        : 174460010
License     : BSD
Signature   : RSA/SHA1, Fri 11 Nov 2016 07:58:01 PM EST, Key ID 47484e50656d16c7
Source RPM  : keybase-1.0.18.20161112002654.1498da0-1.src.rpm
Build Date  : Fri 11 Nov 2016 07:53:15 PM EST
Build Host  : 2abeed279d15
Relocations : (not relocatable)
Summary     : Keybase command line client
Description :
Keybase command line client
maxtaco commented 7 years ago

Yeah, this seems like it could be a shortcoming. We'll put this issue into our internal bug tracker and fix it soon. Thank you!

BrandonIngalls commented 7 years ago

Another bug that is related to this...

I decrypted -- with a paper key -- that was signed by one of my old devices, the old has since been revoked.

I received the following message. message

maxtaco commented 7 years ago

CC: @oconnor663 can you look into this issue?

oconnor663 commented 7 years ago

This should be fixed as of https://github.com/keybase/client/pull/5287. Apologies for not commenting here earlier.