@justinsteven
Created April 29, 2020 22:27
# Generate a key valid from 2018-04-01 to 2020-03-30
We time travel using `faketime`.
```
% faketime 2018-04-01 gpg --full-gen-key
gpg (GnuPG) 2.1.18; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 2y
Key expires at Tue 31 Mar 2020 00:00:11 AEST
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: Test Key
Email address: test@localhost
Comment:
You selected this USER-ID:
"Test Key <test@localhost>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 0xF72D7478A432973B marked as ultimately trusted
gpg: directory '/home/justin/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/justin/.gnupg/openpgp-revocs.d/55FA4E85E6896861CEA2E402F72D7478A432973B.rev'
public and secret key created and signed.
pub rsa2048/0xF72D7478A432973B 2018-03-31 [SC] [expires: 2020-03-30]
55FA4E85E6896861CEA2E402F72D7478A432973B
Key fingerprint = 55FA 4E85 E689 6861 CEA2 E402 F72D 7478 A432 973B
uid Test Key <test@localhost>
sub rsa2048/0x408D8AB45197C560 2018-03-31 [E] [expires: 2020-03-30]
```
# Export the key
```
% gpg --armor --export 0xF72D7478A432973B
-----BEGIN PGP PUBLIC KEY BLOCK-----
[key data omitted]
-----END PGP PUBLIC KEY BLOCK-----
```
# Sign a message
We time travel to within the key validity period using `faketime`. Otherwise, gpg complains and refuses to use an expired key to do the signing.
```
% echo "My message" | faketime 2018-04-02 gpg --clearsign -u 0xF72D7478A432973B
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

My message
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEVfpOheaJaGHOouQC9y10eKQylzsFAlrA5eAACgkQ9y10eKQy
lztvBQf+Ptxx3oiDnScJFClec2WNuYrDL3H4Tv63OIEeN8tiJItpCSSQYB2oX6MZ
nSegd6l5MHiBFEJ+lFi4JCqfUjoav/XhL9A94meCE9xI31B1Fo1yTWYob+8xLWZN
n0Tx0AtM0k+7mFl902r0Cu+e5DOxalTReVQp5IHqxK4u1g7KQjIGWYM+WTb96H/Z
RDapskb8T6zpN0D4IPZWPiUrLIKw+x3qSr8sNLGJMsKNRIyRLwYrSIDdVZIsmDzH
wStwZkAEWP1NNGVi8PXK2SD/lLmGhhMhJIj93ld8IL3fboQ28fOGys1o/Dm1RT/3
dfB3K1sM3dqxDa3WrJdk+pcZrcu4gQ==
=dYoC
-----END PGP SIGNATURE-----
```
# Confirm the message doesn't validate outside of the key validity period
```
% cat <<EOF | gpg --verify
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

My message
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEVfpOheaJaGHOouQC9y10eKQylzsFAlrA5eAACgkQ9y10eKQy
lztvBQf+Ptxx3oiDnScJFClec2WNuYrDL3H4Tv63OIEeN8tiJItpCSSQYB2oX6MZ
nSegd6l5MHiBFEJ+lFi4JCqfUjoav/XhL9A94meCE9xI31B1Fo1yTWYob+8xLWZN
n0Tx0AtM0k+7mFl902r0Cu+e5DOxalTReVQp5IHqxK4u1g7KQjIGWYM+WTb96H/Z
RDapskb8T6zpN0D4IPZWPiUrLIKw+x3qSr8sNLGJMsKNRIyRLwYrSIDdVZIsmDzH
wStwZkAEWP1NNGVi8PXK2SD/lLmGhhMhJIj93ld8IL3fboQ28fOGys1o/Dm1RT/3
dfB3K1sM3dqxDa3WrJdk+pcZrcu4gQ==
=dYoC
-----END PGP SIGNATURE-----
EOF
gpg: Signature made Mon 02 Apr 2018 00:00:00 AEST
gpg: using RSA key 55FA4E85E6896861CEA2E402F72D7478A432973B
gpg: Good signature from "Test Key <test@localhost>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 55FA 4E85 E689 6861 CEA2 E402 F72D 7478 A432 973B
```
We get a notice that the key has expired.
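
gpg still prints "Good signature" here, and the signature time comes from the signer's clock (set above with `faketime`), so an automated verifier should decide from GnuPG's machine-readable status lines rather than from that phrase. The following is an added example, not part of the original gist: `gpg_verdict` is a hypothetical helper name, and the status lines are constructed samples in the `gpg --status-fd` format that reuse the fingerprint shown above.

```shell
#!/bin/sh
# Added example: turn `gpg --status-fd 1 --verify` output into accept/reject.
# gpg_verdict is a hypothetical helper name, not part of GnuPG.
# Usage: gpg --status-fd 1 --verify msg.asc 2>/dev/null | gpg_verdict <PRIMARY_FPR>
gpg_verdict() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"  { good = 1 }
        # VALIDSIG: $3 = signing key fingerprint, $12 = primary key fingerprint
        $2 == "VALIDSIG" { valid = 1; primary = ($12 != "" ? $12 : $3) }
        # VALIDSIG also appears for expired or revoked keys, so these keywords decide.
        $2 ~ /^(EXPKEYSIG|EXPSIG|REVKEYSIG|BADSIG|ERRSIG)$/ { if (bad == "") bad = $2 }
        END {
            if (bad != "")              print "reject:" bad
            else if (!(good && valid))  print "reject:NOSIG"
            else if (primary != want)   print "reject:WRONGKEY"
            else                        print "accept"
        }'
}

FPR=55FA4E85E6896861CEA2E402F72D7478A432973B   # test key fingerprint from this page

# Constructed status lines (not captured gpg output): verification after key expiry.
sample_expired() {
cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG F72D7478A432973B Test Key <test@localhost>
[GNUPG:] VALIDSIG $FPR 2018-04-01 1522591200 0 4 0 1 10 01 $FPR
EOF
}

# Constructed status lines: the same signature checked while the key is still valid.
sample_good() {
cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG F72D7478A432973B Test Key <test@localhost>
[GNUPG:] VALIDSIG $FPR 2018-04-01 1522591200 0 4 0 1 10 01 $FPR
EOF
}

printf 'expired key: %s\n' "$(sample_expired | gpg_verdict "$FPR")"
printf 'valid key:   %s\n' "$(sample_good | gpg_verdict "$FPR")"
```

A check that looks only for `VALIDSIG` would accept the expired-key case, because that line reports cryptographic validity regardless of the key's state.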