trust problems

Norbert Luckhardt Norbert Luckhardt <Norbert.Luckhardt@kes.de>
Sun Jun 3 18:38:01 2001 

hi there,

[ as the archive is not searchable I could not check if these
problems/questions are new... ]

I encountered some things I consider strange behaviour with GPG 1.0.6
and WinPT 0.2.1

using some test keys I found NO certificate trace to myself in the
edit-key function, though I signed the key directly with my ultimately
trusted key (the same null output shows up when being one step further
away from my own signature):


> C:\gnupg>gpg -u "test ich" --edit-key albert

> gpg (GnuPG) 1.0.6; Copyright (C) 2001 Free Software Foundation, Inc.

> This program comes with ABSOLUTELY NO WARRANTY.

> This is free software, and you are welcome to redistribute it

> under certain conditions. See the file COPYING for details.

> 

> pub  1024D/477D8F38  created: 2001-06-03 expires: 2001-06-04 trust: m/f

> sub   768g/5501FCD9  created: 2001-06-03 expires: 2001-06-04

> (1). test Albert

> 

> Command> check

> uid  test Albert

> sig!       477D8F38 2001-06-03   [self-signature]

> sig!       C93AA014 2001-06-03   test ich

> 

> Command> trust

> pub  1024D/477D8F38  created: 2001-06-03 expires: 2001-06-04 trust: m/f

> sub   768g/5501FCD9  created: 2001-06-03 expires: 2001-06-04

> (1). test Albert

> 

> Please decide how far you trust this user to correctly

> verify other users' keys (by looking at passports,

> checking fingerprints from different sources...)?

> 

>  1 = Don't know

>  2 = I do NOT trust

>  3 = I trust marginally

>  4 = I trust fully

>  s = please show me more information

>  m = back to the main menu

> 

> Your decision? s

> Certificates leading to an ultimately trusted key:

> 

> Your decision? 4

>

> pub  1024D/477D8F38  created: 2001-06-03 expires: 2001-06-04 trust: f/f

> sub   768g/5501FCD9  created: 2001-06-03 expires: 2001-06-04

> (1). test Albert

> 

> Command> save

> Key not changed so no update needed.


more over: WinPT seems to have an offset error or something like that
as the following trust values are shown wrong in the GUI:


> gpg --with-colons --list-keys test



> pub:u:1024:17:2FE07A56C93AA014:2001-06-03:2001-06-04:232:-:test ich::scESC:

> sub:u:768:16:C0837C8E5D18ED34:2001-06-03:2001-06-04:232::::e:

> pub:f:1024:17:81B7850D477D8F38:2001-06-03:2001-06-04:245:f:test Albert::scESC:

> sub:f:768:16:A48035AD5501FCD9:2001-06-03:2001-06-04:245::::e:

> pub:f:1024:17:0D274A0898C319EB:2001-06-03:2001-06-04:250:-:test Barbara::scESC:

> sub:f:768:16:E6F39CF2E033483E:2001-06-03:2001-06-04:250::::e:


leads to the following validity output (screenshot av. on request ,-):

test ich      full
test Albert   marginal
test Barbara  marginal

(completes-needed=1)

- another strange thing (which should be checked on the original
keys...) is


> pub:q:1024:1:44B8DDD6BB1D9F6D:1997-03-04::150:-:ct magazine CERTIFICATE <pgpCA@ct.heise.de>::escESC:

> sig:!::1:44B8DDD6BB1D9F6D:1997-03-04::::ct magazine CERTIFICATE <pgpCA@ct.heise.de>:10x:

> sig:!::1:73CF778C57C1C30D:1998-08-04::::TC TrustCenter, Hamburg, Germany, www.trustcenter.de; RSA Root Key:10x:

> sig:!::17:DBD245FCB3B2A12C:1999-05-12::::ct magazine CERTIFICATE <pgpCA@ct.heise.de>:10x:

> sig:!::1:A721C658686C5175:1998-09-07::::CA Universitaet GH Paderborn, CERTIFICATION ONLY KEY:10x:

> sig:!::1:5D89C0B163EB5391:2001-05-08::::DFN-PCA, CERTIFICATION ONLY KEY (Low-Level\x3a 2001) <not-for-mail>:10x:

> 

> pub:f:1024:17:DBD245FCB3B2A12C:1999-05-11::154:f:ct magazine CERTIFICATE <pgpCA@ct.heise.de>::scESC:

> sig:!::17:DBD245FCB3B2A12C:1999-05-11::::ct magazine CERTIFICATE <pgpCA@ct.heise.de>:10x:

> sig:!::1:44B8DDD6BB1D9F6D:1999-05-12::::ct magazine CERTIFICATE <pgpCA@ct.heise.de>:10x:

> sig:!::17:4DF23AB39A12ABCA:2001-06-03::::Norbert Luckhardt (Kommunikationsschluessel) <Norbert.Luckhardt@ePOST.de>:10l:

> sub:f:1024:16:B4B8814AB3330DDE:1999-05-11::154::::e:

> sig:!::17:DBD245FCB3B2A12C:1999-05-11::::ct magazine CERTIFICATE <pgpCA@ct.heise.de>:18x:


though there is a correct signature from the valid key B3B2A12C on the
older RSA key and despite the fully trust level on the newer key - the
older RSA key is NOT seen as valid!

[ Norbert Luckhardt (Kommunikationsschluessel)
<Norbert.Luckhardt@ePOST.de> is my personal ultimately trusted key ]

[ the signauture from B3B2A12C on BB1D9F6D is a trusted introducer
signature with trust depth 1 ]

Viele Grüße, Shalom dann,
NOrbert

-- 
Norbert Luckhardt
Redaktion KES, Zeitschrift für Kommunikations- und EDV-Sicherheit
SecuMedia Verlags-GmbH     Gaulsheimer Straße 17, 55218 Ingelheim

Tel.   05 11/5 63 62 93     *     0 67 25/93 04-14 (Red.-Assistenz)
Fax    05 11/5 63 62 99     *     0 67 25/59 94

GPG/OpenPGP communication only key 1024D/EC6DBD06 
key fingerprint D827 3892 898B 2660 647E  D0C1 E201 3E0D EC6D BD06