trust problems

Norbert Luckhardt <Norbert.Luckhardt@kes.de>
Sun Jun 3 18:38:01 2001


hi there,

[ as the archive is not searchable I could not check if these
problems/questions are new... ]

I encountered some things I consider strange behaviour with GPG 1.0.6
and WinPT 0.2.1

using some test keys I found NO certificate trace to myself in the
edit-key function, though I signed the key directly with my ultimately
trusted key (the same null output shows up when being one step further
away from my own signature):


> C:\gnupg>gpg -u "test ich" --edit-key albert
> gpg (GnuPG) 1.0.6; Copyright (C) 2001 Free Software Foundation, Inc.
> This program comes with ABSOLUTELY NO WARRANTY.
> This is free software, and you are welcome to redistribute it
> under certain conditions. See the file COPYING for details.
>
> pub 1024D/477D8F38 created: 2001-06-03 expires: 2001-06-04 trust: m/f
> sub 768g/5501FCD9 created: 2001-06-03 expires: 2001-06-04
> (1). test Albert
>
> Command> check
> uid test Albert
> sig! 477D8F38 2001-06-03 [self-signature]
> sig! C93AA014 2001-06-03 test ich
>
> Command> trust
> pub 1024D/477D8F38 created: 2001-06-03 expires: 2001-06-04 trust: m/f
> sub 768g/5501FCD9 created: 2001-06-03 expires: 2001-06-04
> (1). test Albert
>
> Please decide how far you trust this user to correctly
> verify other users' keys (by looking at passports,
> checking fingerprints from different sources...)?
>
> 1 = Don't know
> 2 = I do NOT trust
> 3 = I trust marginally
> 4 = I trust fully
> s = please show me more information
> m = back to the main menu
>
> Your decision? s
> Certificates leading to an ultimately trusted key:
>
> Your decision? 4
>
> pub 1024D/477D8F38 created: 2001-06-03 expires: 2001-06-04 trust: f/f
> sub 768g/5501FCD9 created: 2001-06-03 expires: 2001-06-04
> (1). test Albert
>
> Command> save
> Key not changed so no update needed.

moreover: WinPT seems to have an offset error or something like that as the following trust values are shown wrong in the GUI:

> gpg --with-colons --list-keys test

> pub:u:1024:17:2FE07A56C93AA014:2001-06-03:2001-06-04:232:-:test ich::scESC:
> sub:u:768:16:C0837C8E5D18ED34:2001-06-03:2001-06-04:232::::e:
> pub:f:1024:17:81B7850D477D8F38:2001-06-03:2001-06-04:245:f:test Albert::scESC:
> sub:f:768:16:A48035AD5501FCD9:2001-06-03:2001-06-04:245::::e:
> pub:f:1024:17:0D274A0898C319EB:2001-06-03:2001-06-04:250:-:test Barbara::scESC:
> sub:f:768:16:E6F39CF2E033483E:2001-06-03:2001-06-04:250::::e:

leads to the following validity output (screenshot av. on request ,-):

    test ich      full
    test Albert   marginal
    test Barbara  marginal

(completes-needed=1)

- another strange thing (which should be checked on the original keys...) is

> pub:q:1024:1:44B8DDD6BB1D9F6D:1997-03-04::150:-:ct magazine CERTIFICATE <pgpCA@ct.heise.de>::escESC:
> sig:!::1:44B8DDD6BB1D9F6D:1997-03-04::::ct magazine CERTIFICATE <pgpCA@ct.heise.de>:10x:
> sig:!::1:73CF778C57C1C30D:1998-08-04::::TC TrustCenter, Hamburg, Germany, www.trustcenter.de; RSA Root Key:10x:
> sig:!::17:DBD245FCB3B2A12C:1999-05-12::::ct magazine CERTIFICATE <pgpCA@ct.heise.de>:10x:
> sig:!::1:A721C658686C5175:1998-09-07::::CA Universitaet GH Paderborn, CERTIFICATION ONLY KEY:10x:
> sig:!::1:5D89C0B163EB5391:2001-05-08::::DFN-PCA, CERTIFICATION ONLY KEY (Low-Level\x3a 2001) <not-for-mail>:10x:
>
> pub:f:1024:17:DBD245FCB3B2A12C:1999-05-11::154:f:ct magazine CERTIFICATE <pgpCA@ct.heise.de>::scESC:
> sig:!::17:DBD245FCB3B2A12C:1999-05-11::::ct magazine CERTIFICATE <pgpCA@ct.heise.de>:10x:
> sig:!::1:44B8DDD6BB1D9F6D:1999-05-12::::ct magazine CERTIFICATE <pgpCA@ct.heise.de>:10x:
> sig:!::17:4DF23AB39A12ABCA:2001-06-03::::Norbert Luckhardt (Kommunikationsschluessel) <Norbert.Luckhardt@ePOST.de>:10l:
> sub:f:1024:16:B4B8814AB3330DDE:1999-05-11::154::::e:
> sig:!::17:DBD245FCB3B2A12C:1999-05-11::::ct magazine CERTIFICATE <pgpCA@ct.heise.de>:18x:

though there is a correct signature from the valid key B3B2A12C on the older RSA key and despite the full trust level on the newer key - the older RSA key is NOT seen as valid!

[ Norbert Luckhardt (Kommunikationsschluessel) <Norbert.Luckhardt@ePOST.de> is my personal ultimately trusted key ]

[ the signature from B3B2A12C on BB1D9F6D is a trusted introducer signature with trust depth 1 ]

Best regards, Shalom then,

Norbert

--
Norbert Luckhardt
Redaktion KES, Zeitschrift für Kommunikations- und EDV-Sicherheit
SecuMedia Verlags-GmbH
Gaulsheimer Straße 17, 55218 Ingelheim
Tel. 05 11/5 63 62 93 * 0 67 25/93 04-14 (Red.-Assistenz)
Fax 05 11/5 63 62 99 * 0 67 25/59 94

GPG/OpenPGP communication only key 1024D/EC6DBD06
key fingerprint D827 3892 898B 2660 647E D0C1 E201 3E0D EC6D BD06
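
An added example, not part of the original message: a small parser for the `--with-colons` listing quoted above, useful for comparing what gpg itself reports with what a front end displays. It assumes the field layout from GnuPG's doc/DETAILS (field 2 = calculated validity, field 9 = ownertrust, field 10 = user ID); the sample lines are the three `pub` records from the post, and the names `parse_pub_records` and `KeyTrust` are made up for this example.

```python
import re
from typing import NamedTuple

# Validity / ownertrust letters as listed in GnuPG's doc/DETAILS.
LEVELS = {
    "o": "unknown (new key)", "i": "invalid", "d": "disabled",
    "r": "revoked", "e": "expired", "-": "unknown", "q": "undefined",
    "n": "never", "m": "marginal", "f": "full", "u": "ultimate",
}

class KeyTrust(NamedTuple):
    keyid: str
    uid: str
    validity: str    # field 2: validity calculated by gpg
    ownertrust: str  # field 9: trust assigned to the key's owner

def unescape(field):
    # Colon listings escape bytes as \xHH, e.g. \x3a for ':'.
    return re.sub(r"\\x([0-9A-Fa-f]{2})",
                  lambda m: chr(int(m.group(1), 16)), field)

def level(letter):
    # An empty field means no value was recorded; report it as unknown.
    return LEVELS.get(letter or "-", "unrecognised (%s)" % letter)

def parse_pub_records(listing):
    keys = []
    for line in listing.splitlines():
        f = line.strip().split(":")
        if f[0] != "pub" or len(f) < 10:
            continue  # only primary keys carry ownertrust
        keys.append(KeyTrust(f[4], unescape(f[9]), level(f[1]), level(f[8])))
    return keys

# The pub records quoted in the post (mail quote prefix removed).
SAMPLE = """\
pub:u:1024:17:2FE07A56C93AA014:2001-06-03:2001-06-04:232:-:test ich::scESC:
pub:f:1024:17:81B7850D477D8F38:2001-06-03:2001-06-04:245:f:test Albert::scESC:
pub:f:1024:17:0D274A0898C319EB:2001-06-03:2001-06-04:250:-:test Barbara::scESC:
"""

if __name__ == "__main__":
    for k in parse_pub_records(SAMPLE):
        print("%-14s validity=%-9s ownertrust=%s" % (k.uid, k.validity, k.ownertrust))
```

For these records the validity column reads ultimate, full, full, which is the gpg-side value to compare against the GUI display described in the message.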