ownertrust database cleared on gpg 2.1 key import
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Nov 8 00:24:15 CET 2014
hi GnuPG folks--
It looks to me like gpg 2.1.0 is clearing parts of the ownertrust
database when used with the same homedir as 1.4.x. There may be other
circumstances where ownertrust is cleared as well.
Consider a user who starts with a conversion to 2.1.0 over keys for
Alice and Bob, so ~/.gnupg/.gpg-v21-migrated is present.
Then the user ("Ed") creates a new key for himself with gpg 1.4, and
imports keys for Carol and David (also with gpg 1.4). The user (still
using 1.4) signs Carol and Bob's keys, and marks Carol with full
ownertrust, and Bob with marginal ownertrust.
At this point, gpg 1.4 knows the ownertrustdb looks like this:
But now the user tries to use gpg2, which only knows about Alice and
Bob's keys. As a result, the user imports the keys:
gpg --export | gpg2 --import
In doing this, gpg2 appears to actively clear the ownertrust values for
Carol and Ed's keys, leaving the user with no ultimately-trusted keys in
either version of gpg, 2.1 or 1.4.
This is particularly troubling, because:
(a) it's difficult to notice that the trustdb has changed -- it's not
an obvious scenario, and users can go hours or days without being
aware that something is wrong.
(b) Even if the user is aware of it, older versions of the trustdb do
not appear to be backed up anywhere, and this is user-entered data
that isn't stored anywhere else, so it's difficult or impossible to
So I guess one question is:
* is it intentional for gpg2 to clear the trustdb entry for a key that
it didn't have a copy of, but which was mentioned in the trustdb?
and if so, why -- and is that something that should change?
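The migration step quoted above, wrapped so that the 1.4 ownertrust values are snapshotted before `gpg2 --import` runs and any entry gpg2 cleared is reported and put back. This is an added example, not code from the post or from GnuPG; it assumes gpg 1.4 is `gpg`, gpg 2.1 is `gpg2`, and the `--export-ownertrust` format of `FINGERPRINT:LEVEL:` lines with `#` comment lines.

```shell
#!/bin/sh
# Added example, not from the original post. Snapshots ownertrust with
# gpg 1.4 before the import, diffs it against what gpg2 reports afterwards,
# and restores the snapshot if entries were cleared. Assumes `gpg` is 1.4,
# `gpg2` is 2.1, and the "FINGERPRINT:LEVEL:" export format.

# report_cleared BEFORE AFTER
# Prints each fingerprint whose ownertrust is missing or lower in AFTER
# than in BEFORE; exit status 1 if any such entry exists, 0 otherwise.
report_cleared() {
    awk -F: '
        /^#/ || NF < 2 { next }                   # skip comments, blank lines
        FNR == NR      { before[$1] = $2; next }  # first file: the snapshot
                       { after[$1] = $2 }         # second file: current state
        END {
            lost = 0
            for (f in before) {
                now = (f in after) ? after[f] + 0 : 0
                if (now < before[f] + 0) {
                    printf "%s: ownertrust %s -> %s\n", f, before[f],
                           (f in after) ? after[f] : "cleared"
                    lost++
                }
            }
            exit (lost > 0)
        }' "$1" "$2"
}

# migrate_with_backup: snapshot, import, compare, restore on loss.
# Restoring via gpg2 is an assumption: the keys now exist in 2.1, so the
# re-imported entries should stick, and the trustdb is shared with 1.4.
migrate_with_backup() {
    snap="${GNUPGHOME:-$HOME/.gnupg}/ownertrust-before-migration.txt"
    gpg --export-ownertrust > "$snap" || return 1
    gpg --export | gpg2 --import || return 1
    gpg2 --export-ownertrust > "$snap.after" || return 1
    if ! report_cleared "$snap" "$snap.after"; then
        echo "restoring cleared ownertrust from $snap" >&2
        gpg2 --import-ownertrust "$snap"
    fi
}

# demo: constructed snapshots (fake fingerprints) standing in for the
# Ed (ultimate), Carol (full), Bob (marginal) case described in the post.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed snapshot, not real keys' \
        'CAFE0000000000000000000000000000000000E0:6:' \
        'CAFE0000000000000000000000000000000000C0:5:' \
        'CAFE0000000000000000000000000000000000B0:4:' > "$d/before"
    printf '%s\n' '# after gpg2 import: Ed and Carol cleared, Bob kept' \
        'CAFE0000000000000000000000000000000000B0:4:' > "$d/after"
    if report_cleared "$d/before" "$d/after"; then rc=0; else rc=1; fi
    rm -rf "$d"
    return $rc
}
```

Running `demo` lists the two cleared fingerprints and exits 1; `migrate_with_backup` is the form you would actually run against a real homedir.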