pgp: add ExpiredKeys

neolynx · neolynx · commit d2c5f5e5778f · 2026-06-19T11:33:11.000+02:00
diff --git a/pgp/internal.go b/pgp/internal.go
@@ -412,6 +412,12 @@ func (g *GoVerifier) VerifyDetachedSignature(signature, cleartext io.Reader, sho
 		return errors.Wrap(err, "failed to verify detached signature")
 	}
 
+	for _, signer := range signers {
+		if signer.Entity != nil && signer.IsExpired {
+			return errors.Errorf("signature key %s has expired", KeyFromUint64(signer.IssuerKeyID))
+		}
+	}
+
 	return nil
 }
 
@@ -455,7 +461,9 @@ func (g *GoVerifier) VerifyClearsigned(clearsigned io.Reader, showKeyTip bool) (
 
 	for _, signer := range signers {
 		if signer.Entity != nil {
-			if !signer.IsExpired {
+			if signer.IsExpired {
+				result.ExpiredKeys = append(result.ExpiredKeys, KeyFromUint64(signer.IssuerKeyID))
+			} else {
 				result.GoodKeys = append(result.GoodKeys, KeyFromUint64(signer.IssuerKeyID))
 			}
 		} else {
diff --git a/pgp/pgp.go b/pgp/pgp.go
@@ -36,6 +36,7 @@ func KeyFromUint64(key uint64) Key {
 type KeyInfo struct {
 	GoodKeys    []Key
 	MissingKeys []Key
+	ExpiredKeys []Key
 }
 
 // Signer interface describes facility implementing signing of files

Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,7 @@ func KeyFromUint64(key uint64) Key {`
`36`	`36`	`type KeyInfo struct {`
`37`	`37`	`GoodKeys []Key`
`38`	`38`	`MissingKeys []Key`
	`39`	`+ ExpiredKeys []Key`
`39`	`40`	`}`
`40`	`41`
`41`	`42`	`// Signer interface describes facility implementing signing of files`