phrase "UNTRUSTED good signature" is dangerously misleading
Werner Koch
wk at gnupg.org
Sun Jul 14 09:40:56 CEST 2013
On Sun, 14 Jul 2013 06:01, rjh at sixdemonbag.org said:
> If you want this to happen, the proper way to go forward is to convince
> the GnuPG developers to change the way GnuPG talks about ownertrust,
> good signatures versus verified signatures, and so on. If GnuPG makes

We already did this many years ago. Actually I can't find the phrase
the OP complained about. Here is an example checking a signature using
a different account. The key has been freshly imported:

  gpg: Signature made Thu Dec 20 20:48:35 2012 CET using RSA key ID 4F25E3B6
  gpg: Good signature from "Werner Koch (dist sig)"
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg: There is no indication that the signature belongs to the owner.
  Primary key fingerprint: D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6

It seems that Enigmail creates the string. Looking at the output of GPA
gives:

  |4F25E386|Key NOT valid|Werner Koch (dist sig)|Uncertain signature ...|
  [orange]

If the key is valid (trusted), it would be

  |4F25E386|valid|Werner Koch (dist sig)|Good signature ...|
  [green]

GPA uses the GPGME library which provides the needed information. Thus
the code is pretty simple:

  if (data->summary & GPGME_SIGSUM_VALID)
    {
      text = _("Valid");
      color = "green";
    }
  else if (data->summary & GPGME_SIGSUM_RED)
    {
      text = _("Bad");
      color = "red";
    }
  else if (data->summary & GPGME_SIGSUM_KEY_MISSING)
    {
      text = _("Unknown Key");
      color = "red";
    }
  else if (data->summary & GPGME_SIGSUM_KEY_REVOKED)
    {
      text = _("Revoked Key");
      color = "red";
    }
  else if (data->summary & GPGME_SIGSUM_KEY_EXPIRED)
    {
      text = _("Expired Key");
      color = "orange";
    }
  else
    {
      /* If we arrived here we know the key is available, the signature is
       * not bad, but it's not completely valid.  So, the signature is good
       * but the key is not valid.  */
      text = _("Key NOT valid");
      color = "orange";
    }

Thus GPA explicitly talks about the key and not about the signature if
there are problems with the key. IIRC, KMail does something very similar.

Shalom-Salam,

   Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
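
Added example, not part of the mail and not GPA or GnuPG code: the same split between "is the signature good" and "is the key valid", computed from the machine-readable lines gpg writes with `--status-fd` instead of from GPGME's summary flags. The status lines are constructed, the names `classify`, `label` and the label "Not verified" are made up here, and it assumes one signature per status stream and treats marginal validity as not valid.

```c
#include <stdio.h>
#include <string.h>

/* Two independent results: the cryptographic check and the key's validity. */
enum sig_state { SIG_NONE, SIG_GOOD, SIG_BAD };
enum key_state { KEY_UNKNOWN, KEY_VALID, KEY_NOT_VALID, KEY_EXPIRED,
                 KEY_REVOKED, KEY_MISSING };
struct verdict { enum sig_state sig; enum key_state key; };

/* Classify gpg's "[GNUPG:] KEYWORD ..." lines; assumes one signature per stream. */
static struct verdict classify(const char *status)
{
  struct verdict v = { SIG_NONE, KEY_UNKNOWN };
  char kw[32];
  for (const char *p = status; *p; ) {
    const char *line = p;
    p += strcspn(p, "\n");
    if (*p == '\n') p++;
    if (strncmp(line, "[GNUPG:] ", 9) || sscanf(line + 9, "%31[A-Z_]", kw) != 1)
      continue;                        /* not a status line: ignore it */
    if (!strcmp(kw, "GOODSIG"))        v.sig = SIG_GOOD;
    else if (!strcmp(kw, "EXPKEYSIG")) { v.sig = SIG_GOOD; v.key = KEY_EXPIRED; }
    else if (!strcmp(kw, "REVKEYSIG")) { v.sig = SIG_GOOD; v.key = KEY_REVOKED; }
    else if (!strcmp(kw, "BADSIG"))    v.sig = SIG_BAD;
    else if (!strcmp(kw, "NO_PUBKEY")) v.key = KEY_MISSING;
    else if (v.key == KEY_UNKNOWN && !strncmp(kw, "TRUST_", 6))
      v.key = (!strcmp(kw, "TRUST_FULLY") || !strcmp(kw, "TRUST_ULTIMATE"))
              ? KEY_VALID : KEY_NOT_VALID;
  }
  return v;
}

/* Labels follow the GPA snippet; "Not verified" is this example's own. */
static const char *label(struct verdict v)
{
  if (v.sig == SIG_BAD)      return "Bad";
  if (v.key == KEY_MISSING)  return "Unknown Key";
  if (v.sig != SIG_GOOD)     return "Not verified";
  if (v.key == KEY_REVOKED)  return "Revoked Key";
  if (v.key == KEY_EXPIRED)  return "Expired Key";
  if (v.key == KEY_VALID)    return "Valid";
  return "Key NOT valid";
}

/* Constructed status output: good signature, freshly imported key. */
static const char SAMPLE[] =
  "[GNUPG:] GOODSIG 249B39D24F25E3B6 Werner Koch (dist sig)\n"
  "[GNUPG:] TRUST_UNDEFINED\n";
int main(void) { puts(label(classify(SAMPLE))); return 0; }
```

A trust line without a matching GOODSIG never yields "Valid", and text that lacks the `[GNUPG:]` prefix is not interpreted at all.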