gpg: return value, validity vs trust

Anish R Athalye aathalye at mit.edu
Sun Dec 14 15:15:36 CET 2014


On Dec 13, 2014, at 11:09 PM, Hauke Laging <mailinglisten at hauke-laging.de> wrote:

> On Sat 13.12.2014, 23:25:17, Anish R Athalye wrote:
> 
>> When most people check signatures, they want a correct signature made
>> by a trusted party — a signature that is “valid”. That’s what many
>> seem to expect when using the `gpg` command line tool to check
>> signatures.
> 
> Quite difficult to tell what "many seem to expect". Soon a certain someone 
> will ask you for a valid study... ;-)  It seems to me that too many 
> people expect miracles from crypto software. They don't wanna care about 
> what is going on there but nonetheless everything shall be handled just 
> as they expect...
> 
> 
>> However, the `gpg` tool checks only for “correct” (and
>> outputs a message to stderr if the signature is untrusted, but still
>> returns 0 for success).
> 
> The situation is too complex to be usefully handled by exit codes.
> 
> 
>> And it seems pretty difficult to check for
>> trust (there’s no clean API for this that I found).
> 
> Fortunately you are wrong about that. For what you want you shall make 
> the verification call like this:
> 
> gpg --status-fd 1 --verify file.asc

Great, I didn’t know this existed. Thanks!

> 
> That leads to output like this (plus some more lines intended more for 
> the human reader than for parsing):
> 
> [GNUPG:] SIG_ID EC64yxSlofLKaZ2wyLvSGDkRAT8 2014-12-06 1417856145
> [GNUPG:] GOODSIG 486B17AB3F96AD8E Hauke Laging (Standardadresse) 
> [GNUPG:] VALIDSIG 03C7C358A842126450C104BA486B17AB3F96AD8E 2014-12-06 1417856145 0 4 0 1 2 00 7D82FB9FD25A2CE452416C37BF4B8EEF1A571DF5
> [GNUPG:] TRUST_ULTIMATE
> 
> 
> The last line is what you want to know (in combination with GOODSIG / 
> VALIDSIG). Thus you have to check the output for some keywords.
> 
> Quoting the DETAILS file:
> 
> ################################
> TRUST_UNDEFINED <error token>
> TRUST_NEVER     <error token>
> TRUST_MARGINAL  [0  [<validation_model>]]
> TRUST_FULLY     [0  [<validation_model>]]
> TRUST_ULTIMATE  [0  [<validation_model>]]
>    For good signatures one of these status lines is emitted to
>    indicate the validity of the key used to create the signature.
>    The error token values are currently only emitted by gpgsm.
>    VALIDATION_MODEL describes the algorithm used to check the
>    validity of the key.  The defaults are the standard Web of
>    Trust model for gpg and the standard X.509 model for
>    gpgsm.  The defined values are
> 
>       "pgp"   for the standard PGP WoT.
>       "shell" for the standard X.509 model.
>       "chain" for the chain model.
> 
>    Note that we use the term "TRUST_" in the status names for
>    historic reasons; we now speak of validity.
> ################################
> 
> 
> Hauke
> -- 
> Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
> http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
> OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
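As an added example (not code from either poster), here is a small Python verifier that does what Hauke describes: run `gpg --status-fd 1 --verify`, ignore the exit code, and accept only when GOODSIG and VALIDSIG are present and the TRUST_ line reports full or ultimate validity. It assumes `gpg` is on PATH and the VALIDSIG field layout documented in DETAILS (the last field being the primary key fingerprint); the sample status text is constructed from the lines quoted above.

```python
import subprocess
from dataclasses import dataclass

# Validity levels a verifier should accept (TRUST_MARGINAL is deliberately excluded).
ACCEPTED_VALIDITY = {"TRUST_FULLY", "TRUST_ULTIMATE"}

@dataclass
class Verdict:
    good: bool = False        # a GOODSIG line was seen
    fingerprint: str = ""     # signing key fingerprint from VALIDSIG
    primary_fpr: str = ""     # primary key fingerprint, last VALIDSIG field
    validity: str = ""        # the TRUST_* keyword, if any
    accepted: bool = False    # good signature AND key validity >= full

def parse_status(status_text, expected_primary=None):
    """Parse the lines gpg writes to --status-fd and decide acceptance.
    If expected_primary is given, the primary key fingerprint must match it too."""
    v = Verdict()
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue                      # human-readable noise, not a status line
        keyword = fields[1]
        if keyword == "GOODSIG":
            v.good = True
        elif keyword == "VALIDSIG" and len(fields) >= 12:
            v.fingerprint = fields[2]
            v.primary_fpr = fields[11]    # assumed layout: primary fpr is the 10th arg
        elif keyword.startswith("TRUST_"):
            v.validity = keyword
    pinned_ok = expected_primary is None or v.primary_fpr == expected_primary.upper()
    v.accepted = v.good and bool(v.fingerprint) and v.validity in ACCEPTED_VALIDITY and pinned_ok
    return v

def verify_file(path, expected_primary=None):
    """Run gpg with status lines on stdout; the exit code is not used as the verdict."""
    proc = subprocess.run(["gpg", "--status-fd", "1", "--verify", path],
                          capture_output=True, text=True)
    return parse_status(proc.stdout, expected_primary)

# Constructed sample based on the status lines quoted in the thread (VALIDSIG on one line).
SAMPLE_STATUS = """\
[GNUPG:] SIG_ID EC64yxSlofLKaZ2wyLvSGDkRAT8 2014-12-06 1417856145
[GNUPG:] GOODSIG 486B17AB3F96AD8E Hauke Laging (Standardadresse)
[GNUPG:] VALIDSIG 03C7C358A842126450C104BA486B17AB3F96AD8E 2014-12-06 1417856145 0 4 0 1 2 00 7D82FB9FD25A2CE452416C37BF4B8EEF1A571DF5
[GNUPG:] TRUST_ULTIMATE
"""
```

Pinning `expected_primary` to a known fingerprint is the stricter check when the signer is known in advance, since it does not depend on the local trust database at all.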
