Re: Expired key for signed checksums

From: Pat via freebsd-security <freebsd-security_at_freebsd.org>
Date: Sun, 12 Dec 2021 20:40:23 UTC
â€â€â€â€â€â€â€ Original Message â€â€â€â€â€â€â€
On Thursday, November 4, 2021 7:17 PM, Glen Barber <gjb@freebsd.org> wrote:

> On Thu, Nov 04, 2021 at 07:01:50PM +0000, Pat via freebsd-security wrote:
>
> > Hello,
> > I am trying to verify the signed checksum file for FreeBSD 13, but the key that
> > gets checked is showing to be expired:
> > $ gpg --keyserver-options auto-key-retrieve \
> > --keyserver hkps://keyserver.ubuntu.com:443 \
> > --verify CHECKSUM.SHA256-FreeBSD-13.0-RELEASE-amd64.asc
> > gpg: Signature made Tue Apr 13 10:45:44 2021 CDT
> > gpg: using RSA key 8D12403C2E6CAB086CF64DA3031458A5478FE293
> > gpg: requesting key 031458A5478FE293 from hkps server keyserver.ubuntu.com
> > gpg: key 524F0C37A0B946A3: 76 signatures not checked due to missing keys
> > gpg: key 524F0C37A0B946A3: public key "Glen Barber gjb@FreeBSD.org" imported
> > gpg: no ultimately trusted keys found
> > gpg: Total number processed: 1
> > gpg: imported: 1
> > gpg: Good signature from "Glen Barber gjb@FreeBSD.org" [expired]
> > gpg: aka "Glen Barber glen.j.barber@gmail.com" [expired]
> > gpg: aka "Glen Barber gjb@keybase.io" [expired]
> > gpg: aka "Glen Barber gjb@glenbarber.us" [expired]
> > gpg: Note: This key has expired!
> > Primary key fingerprint: 78B3 42BA 26C7 B2AC 681E A7BE 524F 0C37 A0B9 46A3
> > Subkey fingerprint: 8D12 403C 2E6C AB08 6CF6 4DA3 0314 58A5 478F E293
> > It does not matter what keyserver I try, I get the same expiration message. Yet
> > I see the key expiration was bumped[0]. How would I go about getting the updated
> > key? Or am I just going about this all wrong?
>
> https://docs.freebsd.org/en/articles/pgpkeys/#_glen_barber_gjbfreebsd_org
>
> Glen
Thank you Glen, and apologies for the extreme delay in acknowledging
your reply and my success at importing the key. I do appreciate you
having taken the time to reply, despite taking five weeks to say that.

:)