[feat] expired public key are remotely fetched if expired

- private key is not allowed to be fetched remotely
- fetch_remote needs to be specifically set
- if a new key is fetched (ie different KeyID), the validation
  rule applies

3 files changed, 5 insertions, 4 deletions

diff --git a/src/leap/bitmask/keymanager/__init__.py b/src/leap/bitmask/keymanager/__init__.py
index 6eeaecc9..2014524f 100644
--- a/src/leap/bitmask/keymanager/__init__.py
+++ b/src/leap/bitmask/keymanager/__init__.py
@@ -210,7 +210,7 @@ class KeyManager(object):
     @defer.inlineCallbacks
     def get_inactive_private_keys(self):
         """
-        Return all inactive private keys bound to address, that can are
+        Return all inactive private keys bound to address, that are
         stored locally.
         This can be used to attempt decryption from multiple keys.
 
@@ -494,7 +494,8 @@ class KeyManager(object):
         """
         Decrypt data using private key from address and verify with public key
         bound to verify address. If the decryption using the active private
-        key fails, then decription using the inactive key, if any, is tried.
+        key fails, then decryption with inactive keys, if any, is recursively
+        tried.
 
         :param data: The data to be decrypted.
         :type data: str
diff --git a/src/leap/bitmask/keymanager/keys.py b/src/leap/bitmask/keymanager/keys.py
index 4a3aa403..6c0c64ff 100644
--- a/src/leap/bitmask/keymanager/keys.py
+++ b/src/leap/bitmask/keymanager/keys.py
@@ -330,7 +330,7 @@ class OpenPGPKey(object):
     def needs_renewal(self, pre_expiration_threshold=DEFAULT_THRESHOLD):
         """
         Indicates if the key is inside the renewal period. For ease of
-        transition keys should be renewed before they expire.
+        transition keys should be renewed/extended before they expire.
 
         :param pre_expiration_threshold: the amount of days before expiry date
                 whereby the key should be renewed -- default value is 60 days
diff --git a/src/leap/bitmask/keymanager/openpgp.py b/src/leap/bitmask/keymanager/openpgp.py
index a856ee06..984e1e68 100644
--- a/src/leap/bitmask/keymanager/openpgp.py
+++ b/src/leap/bitmask/keymanager/openpgp.py
@@ -590,7 +590,7 @@ class OpenPGPScheme(object):
         Reset sign_used flag for all keys in storage, to False...
         to indicate that the key pair has not interacted with all
         keys in the key ring yet.
-        This should only be used when regenerating the key pair.
+        This should only be used when regenerating/extending the key pair.
 
         """
         all_keys = yield self.get_all_keys(private=False)