TOFU: interacting with the user

Neal H. Walfield neal at
Thu Oct 22 15:29:17 CEST 2015

At Thu, 22 Oct 2015 15:16:16 +0200,
Werner Koch wrote:
> On Wed, 21 Oct 2015 15:35, neal at said:
> > Second, pinentry doesn't currently support TOFU's queries!  When a
> Right, this is on purpose.  When not using Tofu and the key can't be
> verified, gpg already ask the user whether to use use the key anyway.
> There has never been a request to do move this to Pinentry.  Instead the
> calling application should display a warning that the key can't be used
> but allow the user to override this (using GPGME_ENCRYPT_ALWAYS_TRUST).

I think I wasn't clear.  This is a technical limitation in pinentry.
Pinentry supports 3 options (buttons).  TOFU requires 5 options.  This
issue is orthogonal to any policy decision that we may or may not

> > key.  There are five choices (good, accept once, unknown, reject one,
> > bad).  Currently, pinentry only supports up to three buttons.  A hack
> Similar to what we have now: "yes", "no" ;-)

I'm not sure what you are referring to here.


:) Neal

More information about the Gnupg-devel mailing list