Reset mtime of source private keys to default creation time

[legoktm]

Status

Ready for review

Description of Changes

We set the GPG key creation time to 2013-05-14 to hide when they
were created, revealing when a source started using SecureDrop. However
this information was being leaked via the file modification time of the
private key material in the $keydir/private-keys-v1.d/ folder.

We set the GPG key creation time to 2013-05-14 to hide when they
were created, revealing when a source started using SecureDrop. However
this information was being leaked via the file modification time of the
private key material in the $keydir/private-keys-v1.d/ folder.

While we can easily change a file's mtime to a past date, faking the
ctime really isn't possible. So instead we touch each private key when
the source app starts to mask the real creation time. Because of the
nightly restarts, this will be updated within 24 hours of source
creation.

Fixes https://github.com/freedomofpress/securedrop-security/issues/71.

Testing

• Start dev container, look at mtime+ctime of private keys in /var/lib/securedrop/keys/private-keys-v1.d, wait a minute, make a whitespace-only change to source_app/__init__.py so the auto reloader restarts the app. Look at mtime+ctime of private keys, they should be different.
• On staging/prod, install SD, create a source. See mtime+ctime of private keys are the time of creation. Reboot the server, look again and see that mtime+ctime of private keys is now when the server was rebooted.

Deployment

Any special considerations for deployment? Not really.

Checklist

• Linting (make lint) and tests (make test) pass in the development container
• I have written a test plan and validated it for this PR
• These changes do not require documentation

[codecov-commenter]

Codecov Report

Merging #6270 (bff89a3) into develop (1d37d20) will decrease coverage by 0.01%.
The diff coverage is 77.77%.

@@             Coverage Diff             @@
##           develop    #6270      +/-   ##
===========================================
- Coverage    84.09%   84.07%   -0.02%     
===========================================
  Files           60       60              
  Lines         4199     4208       +9     
  Branches       506      508       +2     
===========================================
+ Hits          3531     3538       +7     
- Misses         548      549       +1     
- Partials       120      121       +1     

Impacted Files	Coverage Δ
securedrop/source_app/__init__.py	90.32% <77.77%> (-1.35%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1d37d20...bff89a3. Read the comment docs.

[zenmonkeykstop]

Tested in both dev and staging environments, verified mtime and ctimes changes with stat - looking good!