Bug in "web of trust"?

sashikala prasad sashi@easy.com.au
Thu Sep 30 23:42:33 CEST 1999


This is a multi-part message in MIME format.
--------------3F960E097A39335E0EABADB5
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

I downloaded GnuPG 1.0.0 and played with it. My system is Mandrake-Linux
6.0. I believe I have found a bug in the way the "web of trust" works,
if my understanding of how it *should* work is correct :-). I attach
some listings to help you check what I did, and see if this really is a
bug.

I created 3 users -- Tom, Dick and Harry.
I made them exchange public keys as follows:

Tom <--> Dick
Tom <--> Harry

I made Harry sign Tom's public key in his own (Harry's) keyring. A "gpg
--list-sigs" by Harry shows that Tom's key is signed by both Tom and
Harry. I also made Harry edit Tom's public key (with "gpg --edit-key
Tom") and mark him fully trusted to verify other public keys. Now Harry
fully trusts Tom.

I then made Tom sign Dick's public key and give it back to him to
import. (Thereafter, a "gpg --list-sigs" by Dick shows a signature by
Tom as well as by himself).

Then I made Harry import this signed public key of Dick's. A "gpg
--list-sigs" by Harry now shows that Dick's public key is signed by Tom,
and Tom's public key is signed by Harry himself. A "gpg --edit-key Tom"
also shows that Tom is fully trusted ("f/f"). The web of trust (chain of
trust?) should now be complete (?). Harry should trust messages signed
by Dick, because Dick's public key is signed by Tom, and Tom's public
key is signed by Harry himself. Besides, Harry trusts Tom to verify
other public keys.

Now, I made Tom and Dick both create messages and clearsign them.
I made Harry verify these two messages using "gpg --verify".

Sure enough, GnuPG verified Tom's message without complaint, because
Tom's public key is signed by Harry himself.

I expected that GnuPG should similarly verify Dick's message, because
Dick's public key is vouched for by Tom, and Harry trusts Tom to verify
public keys. But I was surprised to see that GnuPG displayed a warning
when verifying Dick's message. The signature was good, of course, but it
printed the line "No path leading to one of our keys found.", just as it
would if it was a totally untrusted public key.

I think this is a bug. Could you please confirm?

Thanks and regards,

Ganesh

--------------3F960E097A39335E0EABADB5
Content-Type: text/plain; charset=us-ascii; name="debug"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="debug"

~harry> gpg --list-sigs
/home/harry/.gnupg/pubring.gpg
------------------------------
pub  1024D/005D98EA 1999-09-30 Harry User <harry@fictitious.address.com>
sig        005D98EA 1999-09-30  Harry User <harry@fictitious.address.com>
sub  1024g/70A5A677 1999-09-30
sig        005D98EA 1999-09-30  Harry User <harry@fictitious.address.com>

pub  1024D/1CC27D71 1999-09-30 Tom User <tom@fictitious.address.com>
sig        1CC27D71 1999-09-30  Tom User <tom@fictitious.address.com>
sig        005D98EA 1999-09-30  Harry User <harry@fictitious.address.com>
sub  1024g/3DF0858E 1999-09-30
sig        1CC27D71 1999-09-30  Tom User <tom@fictitious.address.com>

pub  1024D/5085F3C3 1999-09-30 Dick User <dick@fictitious.address.com>
sig        5085F3C3 1999-09-30  Dick User <dick@fictitious.address.com>
sig        1CC27D71 1999-09-30  Tom User <tom@fictitious.address.com>
sub  1024g/8AC9AC53 1999-09-30
sig        5085F3C3 1999-09-30  Dick User <dick@fictitious.address.com>

~harry> gpg --edit-key Dick
gpg (GnuPG) 1.0.0; Copyright (C) 1999 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

gpg: Warning: using insecure memory!

pub  1024D/5085F3C3  created: 1999-09-30 expires: never      trust: -/q
sub  1024g/8AC9AC53  created: 1999-09-30 expires: never
(1)  Dick User <dick@fictitious.address.com>

~harry> gpg --edit-key Tom
gpg (GnuPG) 1.0.0; Copyright (C) 1999 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

gpg: Warning: using insecure memory!

pub  1024D/1CC27D71  created: 1999-09-30 expires: never      trust: f/f
sub  1024g/3DF0858E  created: 1999-09-30 expires: never
(1)  Tom User <tom@fictitious.address.com>

~harry> cat auth_message.asc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

This is a message from Tom.

Tom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE381VIbiXcnhzCfXERAib3AJ92KJDAMSXMEos3jdq7aaLJcTp3nwCglcYF
9/ScfnrqI2RiFWT07xCezcE=
=hP8/
-----END PGP SIGNATURE-----

~harry> gpg --verify auth_message.asc
gpg: Warning: using insecure memory!
gpg: Signature made Thu Sep 30 22:19:20 1999 EST using DSA key ID 1CC27D71
gpg: Good signature from "Tom User <tom@fictitious.address.com>"

~harry> cat auth_message2.asc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

This is a message from Dick.

Dick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE381g9ohK54lCF88MRAjPhAJ9kPfLe/OTQcuTib8OnpMdUdOxc/QCfefOl
o4f/A4B9HGLQSPB8e9zhCfc=
=FPU5
-----END PGP SIGNATURE-----

~harry> gpg --verify auth_message2.asc
gpg: Warning: using insecure memory!
gpg: Signature made Thu Sep 30 22:31:57 1999 EST using DSA key ID 5085F3C3
gpg: Good signature from "Dick User <dick@fictitious.address.com>"
Could not find a valid trust path to the key.  Let's see whether we
can assign some missing owner trust values.

No path leading to one of our keys found.

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
gpg: Fingerprint: F039 FF4D CB2E F08B 7F1C  E509 A212 B9E2 5085 F3C3

--------------3F960E097A39335E0EABADB5--



More information about the Gnupg-devel mailing list