Hi, all:
I am not sure if what I am experiencing is expected TOFU behaviour or
not, and I'm hoping someone can help me figure that out. I'll show on a
live example (skipping irrelevant output).
This is gnupg-2.2.4 on Fedora 26.
[user@disp1132 ~]$ export GNUPGHOME=$(mktemp -d)
[user@disp1132 ~]$ gpg2 --locate-keys gre...@kernel.org
[user@disp1132 ~]$ curl -O https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.3
[user@disp1132 ~]$ curl -O https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.3.sign
[user@disp1132 ~]$ gpg2 --verify ChangeLog-4.15.3.sign
gpg: assuming signed data in 'ChangeLog-4.15.3'
gpg: Signature made Mon Feb 12 01:07:40 2018 EST
gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: Good signature from "Greg Kroah-Hartman <gre...@kernel.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E
Since there is no existing TOFU db, that's expected output, right? The trust
model guesser decides we're using the PGP model. So, let's create tofu.db by
setting tofu-policy to good on Greg's key:
[user@disp1132 ~]$ gpg2 --tofu-policy good 647F28654894E3BD457199BE38DBBDC86092693E
gpg: Setting TOFU trust policy for new binding <key: 647F28654894E3BD457199BE38DBBDC86092693E, user id: Greg Kroah-Hartman <gre...@kernel.org>> to good.
[user@disp1132 ~]$ gpg2 --check-trustdb
gpg: no ultimately trusted keys found
Here is where I get an unexpected result rerunning the --verify command,
which I expected to return a different result:
[user@disp1132 ~]$ gpg2 --verify ChangeLog-4.15.3.sign
gpg: assuming signed data in 'ChangeLog-4.15.3'
gpg: Signature made Mon Feb 12 01:07:40 2018 EST
gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: Good signature from "Greg Kroah-Hartman <gre...@kernel.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E
Same as before. Since I have tofu.db now, the trust-model should have
switched to tofu+pgp, no?
[user@disp1132 ~]$ ls $GNUPGHOME
crls.d private-keys-v1.d pubring.kbx pubring.kbx~ tofu.db trustdb.gpg
At least, if I set trust-model on the command line, I get the TOFU output I
expect:
[user@disp1132 ~]$ gpg2 --trust-model tofu+pgp --verify ChangeLog-4.15.3.sign
gpg: assuming signed data in 'ChangeLog-4.15.3'
gpg: Signature made Mon Feb 12 01:07:40 2018 EST
gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: checking the trustdb
gpg: no ultimately trusted keys found
gpg: Good signature from "Greg Kroah-Hartman <gre...@kernel.org>" [full]
gpg: gre...@kernel.org: Verified 1 signature in the past 0 seconds. Encrypted 0 messages.
But wait, now I can omit --trust-model from the command line and I get the same
TOFU-based result, implying that trust-model tofu+pgp now sticks, even though
I've modified no config files:
[user@disp1132 ~]$ gpg2 --verify ChangeLog-4.15.3.sign
gpg: assuming signed data in 'ChangeLog-4.15.3'
gpg: Signature made Mon Feb 12 01:07:40 2018 EST
gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: Good signature from "Greg Kroah-Hartman <gre...@kernel.org>" [full]
gpg: gre...@kernel.org: Verified 1 signature in the past 58 seconds. Encrypted 0 messages.
I'm guessing this is not exactly the expected behaviour?
Best,
Konstantin
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
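An added example, not part of Konstantin's message or of GnuPG: rather than eyeballing "[unknown]" versus "[full]", a script can ask gpg which validation model it actually applied by reading the machine-readable --status-fd lines (TRUST_*, TOFU_STATS), which is the check that would settle whether tofu+pgp was in effect for a given run. The status lines below are constructed to mirror the two runs in the message (VALIDSIG timestamp and algorithm fields are made up), and run_verify assumes a gpg2 binary on PATH.

```python
import subprocess
from dataclasses import dataclass
from typing import Iterable, Optional

@dataclass
class VerifyResult:
    fingerprint: Optional[str] = None  # primary key fingerprint from VALIDSIG
    trust: Optional[str] = None        # TRUST_UNDEFINED, TRUST_FULLY, ...
    model: Optional[str] = None        # validation model gpg applied: pgp, tofu+pgp, ...
    tofu_policy: Optional[str] = None  # policy field of TOFU_STATS, when emitted
    tofu_sign_count: int = 0           # signatures seen so far for this binding

def parse_status(lines: Iterable[str]) -> VerifyResult:
    """Pull the trust model and TOFU state out of gpg --status-fd lines."""
    r = VerifyResult()
    for line in lines:
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue  # human-readable text (gpg: ...), not a status line
        kw, args = fields[1], fields[2:]
        if kw == "VALIDSIG":
            r.fingerprint = args[0]
        elif kw.startswith("TRUST_"):
            r.trust = kw
            if len(args) >= 2:  # GnuPG >= 2.1 appends "0 <validation_model>"
                r.model = args[1]
        elif kw == "TOFU_STATS":  # <validity> <sign-count> <enc-count> [<policy> ...]
            r.tofu_sign_count = int(args[1])
            if len(args) >= 4:
                r.tofu_policy = args[3]
    return r

def run_verify(sig_path: str, gpg: str = "gpg2") -> VerifyResult:
    """Verify a detached signature and report which model gpg really applied."""
    proc = subprocess.run([gpg, "--status-fd", "1", "--verify", sig_path],
                          capture_output=True, text=True)  # assumes gpg2 on PATH
    return parse_status(proc.stdout.splitlines())

# Constructed status lines mirroring the first run (no tofu.db, pgp model); VALIDSIG fields are made up.
FIRST_RUN = """\
[GNUPG:] GOODSIG 38DBBDC86092693E Greg Kroah-Hartman <gre...@kernel.org>
[GNUPG:] VALIDSIG 647F28654894E3BD457199BE38DBBDC86092693E 2018-02-12 1518415660 0 4 0 1 8 00 647F28654894E3BD457199BE38DBBDC86092693E
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""
# Constructed status lines mirroring the later run (tofu+pgp in effect, policy good).
LATER_RUN = FIRST_RUN.replace("TRUST_UNDEFINED 0 pgp", "TRUST_FULLY 0 tofu+pgp") + """\
[GNUPG:] TOFU_USER 647F28654894E3BD457199BE38DBBDC86092693E gre...@kernel.org
[GNUPG:] TOFU_STATS 1 1 0 good
"""
```

Comparing `parse_status(...).model` across runs (with and without --trust-model on the command line) shows directly whether the model switched, independent of how the human-readable trust bracket is rendered.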