gpg: return value, validity vs trust

Hauke Laging mailinglisten at hauke-laging.de
Sun Dec 14 05:09:20 CET 2014


On Sat 13.12.2014, 23:25:17, Anish R Athalye wrote:

> When most people check signatures, they want a correct signature made
> by a trusted party — a signature that is “valid". That’s what many
> seem to expect when using the `gpg` command line tool to check
> signatures.

Quite difficult to tell what "many seem to expect". Soon a certain someone 
will ask you for a valid study... ;-)  It seems to me that too many 
people expect miracles from crypto software. They don't wanna care about 
what is going on there but nonetheless everything shall be handled just 
as they expect...


> However, the `gpg` tool checks only for “correct” (and
> outputs a message to stderr if the signature is untrusted, but still
> returns 0 for success).

The situation is too complex to be usefully handled by exit codes.


> And it seems pretty difficult to check for
> trust (there’s no clean API for this that I found).

Fortunately you are wrong about that. For what you want you shall make 
the verification call like this:

gpg --status-fd 1 --verify file.asc

That leads to output like this (plus some more lines intended more for 
the human reader than for parsing):

[GNUPG:] SIG_ID EC64yxSlofLKaZ2wyLvSGDkRAT8 2014-12-06 1417856145
[GNUPG:] GOODSIG 486B17AB3F96AD8E Hauke Laging (Standardadresse) 
[GNUPG:] VALIDSIG 03C7C358A842126450C104BA486B17AB3F96AD8E 2014-12-06 1417856145 0 4 0 1 2 00 7D82FB9FD25A2CE452416C37BF4B8EEF1A571DF5
[GNUPG:] TRUST_ULTIMATE


The last line is what you want to know (in combination with GOODSIG / 
VALIDSIG). Thus you have to check the output for some keywords.

Quoting the DETAILS file:

################################
TRUST_UNDEFINED <error token>
TRUST_NEVER     <error token>
TRUST_MARGINAL  [0  [<validation_model>]]
TRUST_FULLY     [0  [<validation_model>]]
TRUST_ULTIMATE  [0  [<validation_model>]]
    For good signatures one of these status lines is emitted to
    indicate the validity of the key used to create the signature.
    The error token values are currently only emitted by gpgsm.
    VALIDATION_MODEL describes the algorithm used to check the
    validity of the key.  The defaults are the standard Web of
    Trust model for gpg and the standard X.509 model for
    gpgsm.  The defined values are

       "pgp"   for the standard PGP WoT.
       "shell" for the standard X.509 model.
       "chain" for the chain model.

    Note that we use the term "TRUST_" in the status names for
    historic reasons; we now speak of validity.
################################


Hauke
-- 
Crypto for all: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
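An added example, not part of Hauke's message and not GnuPG's own code, of how a script can act on the status lines quoted above: it parses the `[GNUPG:]` keywords and accepts a signature only if GOODSIG and VALIDSIG are present and the validity line is TRUST_FULLY or TRUST_ULTIMATE. The acceptance threshold and the single-signature assumption are mine; the sample status text is the output quoted in the message.

```python
import subprocess

# Acceptance rule chosen for this example (not mandated by gpg): GOODSIG and
# VALIDSIG must both appear and the validity line must be one of these.
ACCEPTED_VALIDITY = {"TRUST_FULLY", "TRUST_ULTIMATE"}
PREFIX = "[GNUPG:] "

# Status lines as shown in the message (gpg --status-fd 1 --verify file.asc).
SAMPLE_STATUS = """\
[GNUPG:] SIG_ID EC64yxSlofLKaZ2wyLvSGDkRAT8 2014-12-06 1417856145
[GNUPG:] GOODSIG 486B17AB3F96AD8E Hauke Laging (Standardadresse)
[GNUPG:] VALIDSIG 03C7C358A842126450C104BA486B17AB3F96AD8E 2014-12-06 1417856145 0 4 0 1 2 00 7D82FB9FD25A2CE452416C37BF4B8EEF1A571DF5
[GNUPG:] TRUST_ULTIMATE
"""


def parse_status(status_text):
    """Yield (keyword, args) for every '[GNUPG:] ...' line; other lines are ignored."""
    for line in status_text.splitlines():
        if line.startswith(PREFIX):
            fields = line[len(PREFIX):].split()
            if fields:
                yield fields[0], fields[1:]


def verify_status(status_text):
    """Decide on ONE signature (assumption: the file carries a single signature).

    Returns (accepted, reason, signing_key_fingerprint).
    """
    seen = {}
    for keyword, args in parse_status(status_text):
        seen.setdefault(keyword, args)  # first occurrence of each keyword wins
    if "BADSIG" in seen or "ERRSIG" in seen:
        return False, "signature did not verify (BADSIG/ERRSIG)", None
    if "GOODSIG" not in seen or "VALIDSIG" not in seen:
        return False, "no GOODSIG/VALIDSIG line", None
    fingerprint = seen["VALIDSIG"][0]  # first VALIDSIG field: signing key fingerprint
    validity = next((k for k in seen if k.startswith("TRUST_")), None)
    if validity is None:
        return False, "no TRUST_* validity line", fingerprint
    if validity not in ACCEPTED_VALIDITY:
        return False, "key validity is only " + validity, fingerprint
    return True, validity, fingerprint


def verify_file(path):
    """Run gpg exactly as the message suggests and apply the rule above."""
    proc = subprocess.run(["gpg", "--status-fd", "1", "--verify", path],
                          stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
                          universal_newlines=True)
    return verify_status(proc.stdout)
```

`verify_file` ignores gpg's exit code on purpose: as the message says, the status keywords, not the return value, carry the validity decision.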