Add script to analyze gpg signature timestamps
This is primarily a debugging tool for critical admins.
parent
8ca6e44c69
commit
ddd60a87f6
1 changed files with 78 additions and 0 deletions
78
CommModule/openpgp-signature-timestamps.pl
Normal file
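--- a/CommModule/openpgp-signature-timestamps.pl
+++ b/CommModule/openpgp-signature-timestamps.pl
@@ -0,0 +1,78 @@
+#!/usr/bin/env perl
+# This is a helper tool for debugging purposes. It is meant to output key and
+# signature timestamps for signed public keys. The tool matches signatures
+# against the public key id of the known signer key defined in the
+# $signer_keyid variable.
+
+use strict;
+use warnings;
+use POSIX;
+
+# configuration for the signer key id
+my $signer_keyid = "D2BB0D0165D0FD58";
+
+sub process_gpg_file {
+my ($signed_file) = @_;
+open(my $gpg_output, "-|", "/usr/bin/gpg -vv --with-colons $signed_file 2>&1") or die("Can't start GnuPG: ".$!."\n");
+open(my $debug_output, ">", 'infogpg.txt') or die("Can't open output file: infogpg.txt: ".$!."\n");
+
+parse_gpg_output($gpg_output, $debug_output);
+
+close $debug_output;
+close $gpg_output;
+}
+
+sub parse_gpg_output {
+my ($gpg_output, $debug_output) = @_;
+
+my $key_id;
+my @key_expiration_date;
+my @key_creation_date;
+my @sig_creation_date;
+my @sig_expiration_date;
+
+while (<$gpg_output>) {
+print $debug_output $_;
+unless( @sig_expiration_date ) {
+if ( $_ =~ /^(pub|sig):/ ) {
+my @fields = split /:/, $_;
+if ( $fields[0] eq "pub" ) {
+$key_id = $fields[4];
+@key_creation_date = gmtime($fields[5]);
+if ( $fields[6] ) {
+@key_expiration_date = gmtime($fields[6]);
+}
+} elsif ( $fields[0] eq "sig" && $fields[4] eq $signer_keyid ) {
+@sig_creation_date = gmtime($fields[5]);
+if ( $fields[6] ) {
+@sig_expiration_date = gmtime($fields[6]);
+}
+}
+}
+}
+}
+
+print "key id: ${key_id}\n";
+print "key created: " . POSIX::strftime("%Y-%m-%d %H:%M:%S", @key_creation_date) . "\n";
+if ( @key_expiration_date ) {
+print "key expires: " . POSIX::strftime("%Y-%m-%d %H:%M:%S", @key_expiration_date) . "\n";
+}
+if ( @sig_creation_date ) {
+print "signature created: " . POSIX::strftime("%Y-%m-%d %H:%M:%S", @sig_creation_date) . "\n";
+if ( @sig_expiration_date ) {
+print "signature expires: " . POSIX::strftime("%Y-%m-%d %H:%M:%S", @sig_expiration_date) . "\n";
+}
+} else {
+print "There is no signature from the signer key id ${signer_keyid}. This probably means that there is an issue with the signer OpenPGP key.\n";
+}
+}
+
+my $signed_file = shift;
+
+if ( !$signed_file ) {
+print "Usage $0 <signed_file>\n";
+exit 1;
+}
+
+process_gpg_file($signed_file);
+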
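Review bot: In `process_gpg_file`, the pipe `open` is given a single command string with `$signed_file` interpolated into it, so Perl runs it through the shell and a path containing spaces or shell metacharacters changes the command that actually executes. The path comes straight from the command line (`shift` at the bottom of the script), so it should reach gpg as one argv element: fork with the two-argument `open($fh, "-|")`, duplicate STDOUT onto STDERR in the child to keep the `2>&1` behaviour, and `exec` gpg in list form with `--` before the filename. Separately, the result of `close $gpg_output` is not checked, so a non-zero gpg exit status goes unnoticed and the script prints timestamps (or the "no signature" message) as if gpg had succeeded. If no `pub:` record is seen, `$key_id` and `@key_creation_date` are still printed uninitialised, which is worth guarding before the first `print`.

```perl
sub process_gpg_file {
    my ($signed_file) = @_;
    # fork without a shell; the child merges stderr into the pipe and execs gpg
    my $pid = open(my $gpg_output, "-|");
    defined($pid) or die("Can't fork: ".$!."\n");
    if ( $pid == 0 ) {
        open(STDERR, ">&", \*STDOUT) or die("Can't redirect stderr: ".$!."\n");
        exec("/usr/bin/gpg", "-vv", "--with-colons", "--", $signed_file)
            or die("Can't start GnuPG: ".$!."\n");
    }
    # … unchanged: open infogpg.txt, parse_gpg_output call, close of both handles …
```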