[0.9.0] still problems with trust

Roland Rosenfeld roland at spinnaker.rhein.de
Wed Jan 6 14:57:01 CET 1999


I still have problems when I check RSA signatures with GPG 0.9.0,
because gpg still tells me that there is no trusted signature, while
there is one.

One example:
I got a mail from TC TrustCenter and mutt/gpg shows me the following
output (manually line-wrapped):

gpg: Signature made Wed Jan  6 12:03:41 1999 CET using RSA key ID BA523901
gpg: Good signature from "TC TrustCenter, Hamburg, Germany,
        www.trustcenter.de; Organization Key; <info at trustcenter.de>"   
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.

So 0xBA523901 seems not to be trusted, but when you have a look at the
key, you will see that I signed this key myself (manually removed
signatures, which don't matter here):

$ gpg -kvv 0xBA523901
gpg (GnuPG) 0.9.0; Copyright (C) 1998 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

pub  2048R/BA523901 1997-05-07 TC TrustCenter, Hamburg, Germany, www.trustcenter.de; Organization Key; <info at trustcenter.de> 
sig        BA523901 1998-01-05  TC TrustCenter, Hamburg, Germany, www.trustcenter.de; Organization Key; <info at trustcenter.de>
sig        57C1C30D 1997-06-24  TC TrustCenter, Hamburg, Germany, www.trustcenter.de; RSA Root Key
uid                            TC TrustCenter, Hamburg, Germany, www.trustcenter.de; Certificate Administration Key; <certificate at trustcenter.de>
sig        DD08DD6D 1998-01-21  Roland Rosenfeld <roland at spinnaker.rhein.de>
sig        43231425 1997-12-11  Max Dornseif <md at rhein.de>
sig        BA523901 1998-01-05  TC TrustCenter, Hamburg, Germany, www.trustcenter.de; Organization Key; <info at trustcenter.de>
sig        57C1C30D 1997-05-15  TC TrustCenter, Hamburg, Germany, www.trustcenter.de; RSA Root Key

Now I had a look at the trust using gpg --edit-key:

$ gpg --edit-key 0xBA523901
gpg (GnuPG) 0.9.0; Copyright (C) 1998 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

pub  2048R/BA523901  created: 1997-05-07 expires: never      trust: m/q
(1)  TC TrustCenter, Hamburg, Germany, www.trustcenter.de; Organization Key; <info at trustcenter.de>
(2)  TC TrustCenter, Hamburg, Germany, www.trustcenter.de; Certificate Administration Key; <certificate at trustcenter.de>

So I see "trust: m/q". IMHO gpg should find a "marginally trusted
signature" now, but it doesn't.

I temporarily changed the trust to "I fully trust" but this also didn't
change anything.

So I had a look at the trust database and got the following:

$ gpgm --list-trust-path 0xBA523901

BA523901.2702:m/-  "TC TrustCenter, Hamburg, Germany, www.tr"
DD08DD6D.4215:u/u  "Roland Rosenfeld <roland at spinnaker.rhein"

BA523901.2702:m/-  "TC TrustCenter, Hamburg, Germany, www.tr"
57C1C30D.2701:-/-  "TC TrustCenter, Hamburg, Germany, www.tr"
DD08DD6D.4215:u/u  "Roland Rosenfeld <roland at spinnaker.rhein"

BA523901.2702:m/-  "TC TrustCenter, Hamburg, Germany, www.tr"
43231425.5625:m/-  "Max Dornseif <md at rhein.de>"
DD08DD6D.4215:u/u  "Roland Rosenfeld <roland at spinnaker.rhein"

BA523901.2702:m/-  "TC TrustCenter, Hamburg, Germany, www.tr"
57C1C30D.2701:-/-  "TC TrustCenter, Hamburg, Germany, www.tr"
DD08DD6D.4215:u/u  "Roland Rosenfeld <roland at spinnaker.rhein"

BA523901.2702:m/-  "TC TrustCenter, Hamburg, Germany, www.tr"
57C1C30D.2701:-/-  "TC TrustCenter, Hamburg, Germany, www.tr"
43231425.5625:m/-  "Max Dornseif <md at rhein.de>"
DD08DD6D.4215:u/u  "Roland Rosenfeld <roland at spinnaker.rhein"

BA523901.2702:m/-  "TC TrustCenter, Hamburg, Germany, www.tr"
57C1C30D.2701:-/-  "TC TrustCenter, Hamburg, Germany, www.tr"
BB1D9F6D.706:-/-  "ct magazine CERTIFICATE <pgpCA at ct.heise."
DD08DD6D.4215:u/u  "Roland Rosenfeld <roland at spinnaker.rhein"

[...]

So the trust path seems to be okay, but why do I read
BA523901.2702:m/-  "TC TrustCenter, Hamburg, Germany, www.tr"
with the trust parameters "m/-" instead of "m/q" which is displayed
with gpg --edit-key?

Or did I misunderstand anything here?

I use the following options:

force-v3-sigs
load-extension rsa
load-extension idea
escape-from-lines

Ciao

        Roland

-- 
 * roland at spinnaker.rhein.de * http://www.rhein.de/~roland/ *
 PGP: 1024/DD08DD6D   2D E7 CC DE D5 8D 78 BE  3C A0 A4 F1 4B 09 CE AF





More information about the Gnupg-devel mailing list