#1104814 /usr/bin/gpgparticipants-filter: gpgparticipants-filter: Doesn't skip expired keys

Package:
signing-party
Source:
signing-party
Description:
Various OpenPGP related tools
Submitter:
Uwe Kleine-König
Date:
2025-07-11 15:51:02 UTC
Severity:
normal
Tags:
#1104814#5
Date:
2025-05-06 20:24:21 UTC
From:
To:
Hello,

gpgparticipants-filter doesn't skip revoked and expired keys, so the
--all-keys option is a noop.

The following change fixes that:

diff --git a/gpgparticipants/gpgparticipants-filter b/gpgparticipants/gpgparticipants-filter
index 7e33dc3286be..38bdcdc4d2c7 100755
--- a/gpgparticipants/gpgparticipants-filter
+++ b/gpgparticipants/gpgparticipants-filter
@@ -118,7 +118,7 @@ def key_data_from(raw_data_set):
     return KeyDataSet(
         raw_data_set.data_field_from_lines(9, b'fpr')[0],
         raw_data_set.data_field_from_lines(9, b'uid'),
-        raw_data_set.data_field_from_lines(9, b'pub')[0],
+        raw_data_set.data_field_from_lines(1, b'pub')[0],
     )


According to the gpg documentation field 10 (which is indexed using 1
for the first field and so matches Python array index 9) is the User-ID
which is usually (always?) empty in "pub" lines. The validity is in
field 2.

This bug exists since 2.11-1 when gpgparticipants-filter was introduced
in commit 731d436f839a.

Best regards
Uwe