Trust model tofu+pgp and User ID in Signer's UID packet

Wiktor Kwapisiewicz wiktor at
Thu Apr 25 13:48:18 CEST 2019


I think I found an issue with how GnuPG handles signatures with the Signer's 
UID field and the trust model tofu+pgp.

There was an issue reported to OpenKeychain [0] that messages generated 
by it are not trusted by GnuPG. The problem was that messages produced 
by K-9 Mail and OpenKeychain are decrypted by GnuPG with the following:

gpg: WARNING: We do NOT trust this key!
gpg:          The signature is probably a FORGERY.

Even though the key is marked with "tofu-policy good" and looks fine in 
"gpg --edit-key".

I ran the decryption with "--debug-level guru" and spotted the 
following message:

gpg: DBG: TOFU: only considering user id: 'John Doe <john at>'
gpg: DBG: TOFU: skipping user id 'john at', which does not 
match the signer's email ('John Doe <john at>')
gpg: DBG: no (of 0) valid bindings.  Can't get TOFU validity for this 
set of user ids.

As I've seen previously, OpenKeychain embeds the full User ID as Signer's UID 
(that is "John Doe <john at>"), but GnuPG uses only the e-mail 
("john at"). It seems that when GnuPG encounters a Signer's UID in 
full form it cannot get TOFU validity.

"Signer's UID" looks like it could contain a full UID, so maybe GnuPG 
should support full User IDs there and just extract the e-mail address?

I don't know if I got the issue right, that's why I didn't create a 
ticket, but if this sounds OK I can do so.

Kind regards,
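
The following is an added example and is not code from the post, from GnuPG or from OpenKeychain. It builds a v4 OpenPGP signature packet with a Signer's User ID subpacket (type 28) carrying either a bare address or a full User ID, parses the subpacket back out, and then shows the two ways of matching it against a key's User IDs: comparing the raw Signer's UID string against each UID's mailbox (which yields no candidate UIDs for the full form, as in the debug output above) and first reducing the Signer's UID to its mailbox (the behaviour the post proposes). The packet bytes, the key User IDs and the addresses are constructed here; the MPI and hash prefix are dummies, so the packet is structurally valid but is not a real signature, and the mailbox normalization (angle-bracket extraction, case-insensitive comparison) is this example's own choice, not a description of GnuPG's TOFU code.

```python
"""Signer's User ID (RFC 4880 subpacket type 28): parse and match by mailbox.

Added example, not GnuPG/OpenKeychain code. All packet contents are constructed.
"""
import re

SIGNER_USER_ID = 28          # RFC 4880 5.2.3.22
SIG_CREATION_TIME = 2        # RFC 4880 5.2.3.4
ISSUER = 16                  # RFC 4880 5.2.3.5


def _subpacket(sp_type, body):
    """Encode one signature subpacket with the 1-/2-/5-octet length forms."""
    n = len(body) + 1                          # length covers the type octet
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        n -= 192
        length = bytes([192 + (n >> 8), n & 0xFF])
    else:
        length = b"\xff" + n.to_bytes(4, "big")
    return length + bytes([sp_type]) + body


def build_signature_packet(signer_uid, issuer_keyid=b"\x01\x23\x45\x67\x89\xab\xcd\xef"):
    """Constructed v4 signature packet (old-format header, tag 2) with a dummy MPI."""
    hashed = _subpacket(SIG_CREATION_TIME, b"\x5c\xc1\xb0\x00")
    hashed += _subpacket(SIGNER_USER_ID, signer_uid.encode("utf-8"))
    unhashed = _subpacket(ISSUER, issuer_keyid)
    body = bytes([4, 0x00, 1, 8])              # v4, binary-document sig, RSA, SHA-256
    body += len(hashed).to_bytes(2, "big") + hashed
    body += len(unhashed).to_bytes(2, "big") + unhashed
    body += b"\x12\x34"                        # left 16 bits of the hash (dummy)
    body += (16).to_bytes(2, "big") + b"\x81\x23"   # dummy 16-bit MPI
    header = bytes([0x80 | (2 << 2) | 1]) + len(body).to_bytes(2, "big")
    return header + body


def _read_subpacket_len(data, pos):
    o1 = data[pos]
    if o1 < 192:
        return o1, pos + 1
    if o1 < 255:
        return ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
    return int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5


def parse_subpackets(area):
    """Yield (type, value) for every subpacket in a hashed/unhashed area."""
    pos, out = 0, []
    while pos < len(area):
        length, pos = _read_subpacket_len(area, pos)
        sp_type = area[pos] & 0x7F             # drop the critical bit
        out.append((sp_type, area[pos + 1:pos + length]))
        pos += length
    return out


def signer_user_ids(packet):
    """Return all Signer's User ID strings from the hashed area of a v4 signature."""
    tag_byte = packet[0]
    if tag_byte & 0xC0 != 0x80 or (tag_byte >> 2) & 0x0F != 2:
        raise ValueError("not an old-format signature packet")
    hdr_len = {0: 1, 1: 2, 2: 4}[tag_byte & 3]
    body_len = int.from_bytes(packet[1:1 + hdr_len], "big")
    body = packet[1 + hdr_len:1 + hdr_len + body_len]
    if body[0] != 4:
        raise ValueError("only v4 signatures handled here")
    hashed_len = int.from_bytes(body[4:6], "big")
    hashed = body[6:6 + hashed_len]
    return [v.decode("utf-8") for t, v in parse_subpackets(hashed) if t == SIGNER_USER_ID]


_ANGLE = re.compile(r"<([^<>]+)>")


def mailbox_from_userid(uid):
    """'John Doe <john@example.org>' -> 'john@example.org'; a bare address is kept.

    Returns None when no address is present. Case-insensitive comparison is this
    example's assumption, not a statement about GnuPG's TOFU implementation.
    """
    m = _ANGLE.search(uid)
    addr = (m.group(1) if m else uid).strip()
    return addr.lower() if "@" in addr else None


def select_user_ids(key_user_ids, signer_uid, normalize=True):
    """Key User IDs a Signer's UID selects for TOFU evaluation.

    normalize=False reproduces the behaviour in the post: the raw Signer's UID
    string must equal a key UID's mailbox, so a full-form Signer's UID selects
    nothing. normalize=True extracts the mailbox first, as the post suggests.
    """
    want = mailbox_from_userid(signer_uid) if normalize else signer_uid.lower()
    return [u for u in key_user_ids if mailbox_from_userid(u) == want]


if __name__ == "__main__":
    key_uids = ["John Doe <john@example.org>", "Jane Roe <jane@example.net>"]  # constructed
    for signer in ("john@example.org", "John Doe <john@example.org>"):
        uid = signer_user_ids(build_signature_packet(signer))[0]
        print(f"{signer!r}: raw match -> {select_user_ids(key_uids, uid, normalize=False)}, "
              f"mailbox match -> {select_user_ids(key_uids, uid)}")
```

Run it and the first line shows the bare-address form selecting the matching UID under both strategies, while the full-form Signer's UID selects no UID under raw comparison, which is exactly the "only considering user id ... skipping user id ... no (of 0) valid bindings" situation, and selects the right UID once the mailbox is extracted.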




More information about the Gnupg-devel mailing list