I still have problems when I check RSA signatures with GPG 0.9.0,
because gpg still tells me that there is no trusted signature, while
there is one.
One example:
I got a mail from TC TrustCenter and mutt/gpg shows me the following
output (manually line-wrapped):
gpg: Signature made Wed Jan 6 12:03:41 1999 CET using RSA key ID BA523901
gpg: Good signature from "TC TrustCenter, Hamburg, Germany,
www.trustcenter.de; Organization Key; <info@trustcenter.de>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
So 0xBA523901 seems not to be trusted, but when you have a look at the
key, you will see that I signed this key myself (manually removed
signatures, which doesn't matter here):
$ gpg -kvv 0xBA523901
gpg (GnuPG) 0.9.0; Copyright (C) 1998 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
pub 2048R/BA523901 1997-05-07 TC TrustCenter, Hamburg, Germany, www.trustcenter.de; Organization Key; <info@trustcenter.de>
sig BA523901 1998-01-05 TC TrustCenter, Hamburg, Germany, www.trustcenter.de; Organization Key; <info@trustcenter.de>
sig 57C1C30D 1997-06-24 TC TrustCenter, Hamburg, Germany, www.trustcenter.de; RSA Root Key
uid TC TrustCenter, Hamburg, Germany, www.trustcenter.de; Certificate Administration Key; <certificate@trustcenter.de>
sig DD08DD6D 1998-01-21 Roland Rosenfeld <roland@spinnaker.rhein.de>
sig 43231425 1997-12-11 Max Dornseif <md@rhein.de>
sig BA523901 1998-01-05 TC TrustCenter, Hamburg, Germany, www.trustcenter.de; Organization Key; <info@trustcenter.de>
sig 57C1C30D 1997-05-15 TC TrustCenter, Hamburg, Germany, www.trustcenter.de; RSA Root Key
Now I had a look at the trust using gpg --edit-key:
$ gpg --edit-key 0xBA523901
gpg (GnuPG) 0.9.0; Copyright (C) 1998 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
pub 2048R/BA523901 created: 1997-05-07 expires: never trust: m/q
(1) TC TrustCenter, Hamburg, Germany, www.trustcenter.de; Organization Key; <info@trustcenter.de>
(2) TC TrustCenter, Hamburg, Germany, www.trustcenter.de; Certificate Administration Key; <certificate@trustcenter.de>
So I see "trust: m/q". IMHO gpg should find a "marginally trusted
signature" now, but it doesn't.
I temporarily changed the trust to "I fully trust" but this also didn't
change anything.
So I had a look at the trust database and got the following:
$ gpgm --list-trust-path 0xBA523901
BA523901.2702:m/- "TC TrustCenter, Hamburg, Germany, www.tr"
DD08DD6D.4215:u/u "Roland Rosenfeld <roland@spinnaker.rhein"
BA523901.2702:m/- "TC TrustCenter, Hamburg, Germany, www.tr"
57C1C30D.2701:-/- "TC TrustCenter, Hamburg, Germany, www.tr"
DD08DD6D.4215:u/u "Roland Rosenfeld <roland@spinnaker.rhein"
BA523901.2702:m/- "TC TrustCenter, Hamburg, Germany, www.tr"
43231425.5625:m/- "Max Dornseif <md@rhein.de>"
DD08DD6D.4215:u/u "Roland Rosenfeld <roland@spinnaker.rhein"
BA523901.2702:m/- "TC TrustCenter, Hamburg, Germany, www.tr"
57C1C30D.2701:-/- "TC TrustCenter, Hamburg, Germany, www.tr"
DD08DD6D.4215:u/u "Roland Rosenfeld <roland@spinnaker.rhein"
BA523901.2702:m/- "TC TrustCenter, Hamburg, Germany, www.tr"
57C1C30D.2701:-/- "TC TrustCenter, Hamburg, Germany, www.tr"
43231425.5625:m/- "Max Dornseif <md@rhein.de>"
DD08DD6D.4215:u/u "Roland Rosenfeld <roland@spinnaker.rhein"
BA523901.2702:m/- "TC TrustCenter, Hamburg, Germany, www.tr"
57C1C30D.2701:-/- "TC TrustCenter, Hamburg, Germany, www.tr"
BB1D9F6D.706:-/- "ct magazine CERTIFICATE <pgpCA@ct.heise."
DD08DD6D.4215:u/u "Roland Rosenfeld <roland@spinnaker.rhein"
[...]
So the trust path seems to be okay, but why do I read
BA523901.2702:m/- "TC TrustCenter, Hamburg, Germany, www.tr"
with the trust parameters "m/-" instead of "m/q" which is displayed
with gpg --edit-key?
Or did I misunderstand anything here?
I use the following options:
force-v3-sigs
load-extension rsa
load-extension idea
escape-from-lines
Ciao
Roland
--
* roland@spinnaker.rhein.de * http://www.rhein.de/~roland/ *
PGP: 1024/DD08DD6D 2D E7 CC DE D5 8D 78 BE 3C A0 A4 F1 4B 09 CE AF