
#!/usr/bin/env perl
# This is a helper tool for debugging purposes. It is meant to output key and
# signature timestamps for signed public keys. The tool matches signatures
# against the public key id of the known signer key defined in the
# $signer_keyid variable.
use strict;
use warnings;
use POSIX;
# Long (16 hex digit) key id of the signer key. Only "sig" records whose
# key id field equals this value are reported by parse_gpg_output().
my $signer_keyid = 'D2BB0D0165D0FD58';
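sub process_gpg_file {
    # Run GnuPG on $signed_file, copy its combined stdout/stderr to the
    # debug file infogpg.txt (created in the current directory) and print
    # the key and signature timestamps found in the output.
    #
    # Arguments: $signed_file - path of the file to hand to gpg
    # Returns nothing. Dies when the pipe, GnuPG or the debug file cannot
    # be set up; warns when GnuPG exits with a non-zero status.
    my ($signed_file) = @_;

    # Fork with the child's STDOUT attached to the pipe, then exec GnuPG
    # with a list-form argv. This keeps the previous "2>&1" behaviour
    # (stderr is duplicated onto the pipe) without passing $signed_file
    # through a shell, so a file name containing shell metacharacters
    # cannot alter the command. The "--" stops gpg from reading a file
    # name that starts with "-" as an option.
    my $pid = open(my $gpg_output, '-|');
    defined $pid or die("Can't start GnuPG: " . $! . "\n");
    if ($pid == 0) {
        # Child: syswrite/_exit avoid duplicating buffered output after fork.
        open(STDERR, '>&', \*STDOUT)
            or do { syswrite(STDOUT, "Can't redirect stderr: $!\n"); POSIX::_exit(1) };
        exec('/usr/bin/gpg', '-vv', '--with-colons', '--', $signed_file)
            or do { syswrite(STDOUT, "Can't exec /usr/bin/gpg: $!\n"); POSIX::_exit(127) };
    }

    open(my $debug_output, '>', 'infogpg.txt')
        or die("Can't open output file: infogpg.txt: " . $! . "\n");
    parse_gpg_output($gpg_output, $debug_output);
    # Buffered write errors only surface at close, so the result is checked.
    close $debug_output
        or die("Can't write output file: infogpg.txt: " . $! . "\n");
    # Closing a pipe handle waits for the child; $? carries its exit status.
    close $gpg_output
        or warn("GnuPG exited with status " . ($? >> 8) . "\n");
    return;
}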
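sub parse_gpg_output {
    # Parse GnuPG "--with-colons" records read from $gpg_output and print the
    # public key and signer-signature timestamps to STDOUT. Every line read
    # is echoed unchanged to $debug_output first.
    #
    # Arguments:
    #   $gpg_output   - readable filehandle carrying the GnuPG output
    #   $debug_output - writable filehandle that receives a verbatim copy
    #   $signer       - optional long key id to match "sig" records against;
    #                   defaults to the file-level $signer_keyid
    # Returns nothing.
    my ($gpg_output, $debug_output, $signer) = @_;
    defined $signer or $signer = $signer_keyid;

    my $key_id;
    my @key_creation_date;
    my @key_expiration_date;
    my @sig_creation_date;
    my @sig_expiration_date;

    LINE: while (my $line = <$gpg_output>) {
        print {$debug_output} $line;

        # Once a signature from $signer with an expiration date has been seen,
        # the remaining records are only copied to the debug file.
        next LINE if @sig_expiration_date;
        next LINE unless $line =~ /^(?:pub|sig):/;

        my @fields = split /:/, $line;
        # Field 5 (index 4) is the key id, field 6 (index 5) the creation date
        # and field 7 (index 6) the expiration date. Both dates are handed to
        # gmtime() as seconds since the epoch. NOTE(review): GnuPG documents
        # that these fields may also be ISO 8601 strings, which gmtime() would
        # misread - confirm for the gpg version in use.
        if ($fields[0] eq 'pub') {
            $key_id = $fields[4];
            @key_creation_date = gmtime($fields[5]);
            @key_expiration_date = gmtime($fields[6]) if $fields[6];
        }
        elsif ($fields[0] eq 'sig' && defined $fields[4] && $fields[4] eq $signer) {
            @sig_creation_date = gmtime($fields[5]);
            @sig_expiration_date = gmtime($fields[6]) if $fields[6];
        }
    }

    if (defined $key_id) {
        print "key id: ${key_id}\n";
    }
    else {
        # Without a "pub" record there is no key date to format; the previous
        # unconditional strftime() call died here with an unhelpful message.
        print "No public key (pub) record found in the GnuPG output.\n";
    }
    if (@key_creation_date) {
        print "key created: " . _format_timestamp(@key_creation_date) . "\n";
    }
    if (@key_expiration_date) {
        print "key expires: " . _format_timestamp(@key_expiration_date) . "\n";
    }
    if (@sig_creation_date) {
        print "signature created: " . _format_timestamp(@sig_creation_date) . "\n";
        if (@sig_expiration_date) {
            print "signature expires: " . _format_timestamp(@sig_expiration_date) . "\n";
        }
    }
    else {
        print "There is no signature from the signer key id ${signer}. This probably means that there is an issue with the signer OpenPGP key.\n";
    }
    return;
}

# Format a gmtime() list as "YYYY-MM-DD HH:MM:SS".
sub _format_timestamp {
    my (@tm) = @_;
    return POSIX::strftime('%Y-%m-%d %H:%M:%S', @tm);
}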
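# Command line: exactly one argument, the path of the signed key file.
my $signed_file = shift @ARGV;
if (!defined $signed_file || $signed_file eq '') {
    # Usage errors go to STDERR so they are not mixed with the report on STDOUT.
    print STDERR "Usage $0 <signed_file>\n";
    exit 1;
}
process_gpg_file($signed_file);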