gpg-agent and trusted root certificates

Olaf Gellert og at pre-secure.de
Thu Jan 20 15:42:33 CET 2005


Hi all,

I was just trying out the X.509 stuff of recent
GPG versions and I was wondering on what occasions
the gpg-agent will ask the user to verify new
root certificates.

I already included the option "allow-mark-trusted"
in the configuration. When I include the hash of
a root certificate manually in the trustlist.txt,
everything works. When I tell kleopatra to validate
the root certificate, kleopatra queries the agent to
do the job.

When gpg-agent logs the following, should it not
ask the user to verify the root certificate?

  7 - 2005-01-20 15:37:56 gpg-agent[4598.0x8085e78] DBG: <- HAVEKEY FB982E01EF2FE327A450FA5EB12B6172FBEBCD2F
  7 - 2005-01-20 15:37:56 gpg-agent[4598.0x8085e78] DBG: -> ERR 208 no secret key
  7 - 2005-01-20 15:37:56 gpg-agent[4598.0x8085e78] DBG: <- ISTRUSTED 0701EF37D0568429C057453D804646C3D016E660
  7 - 2005-01-20 15:37:56 gpg-agent[4598.0x8085e78] DBG: -> ERR 304 not trusted
  6 - 2005-01-20 15:37:56 gpgsm[6011.0x807d9c0] DBG: -> D crt:i:2048:1:804646C3D016E660:20050112T123638:20070112T123638:00::1.2.840.113549.1.9.1=#636140746573746F72672D622E6F7267,CN=Test Root CA B1,O=Test Organization B,C=DE::cC:%0Afpr:::::::::0701EF37D0568429C057453D804646C3D016E660:::0701EF37D0568429C057453D804646C3D016E660:%0Auid:i::::::::1.2.840.113549.1.9.1=#636140746573746F72672D622E6F7267,CN=Test Root CA B1,O=Test Organization B,C=DE::%0Auid:i::::::::::%0A
  6 - 2005-01-20 15:37:56 gpgsm[6011.0x807d9c0] DBG: -> OK
  6 - 2005-01-20 15:37:56 gpgsm[6011.0x807d9c0] DBG: <- BYE
  6 - 2005-01-20 15:37:56 gpgsm[6011.0x807d9c0] DBG: -> OK closing connection
[client at fd 6 disconnected]
  7 - 2005-01-20 15:37:56 gpg-agent[4598.0x8085e78] DBG: <- [EOF]
  7 - 2005-01-20 15:37:56 gpg-agent[4598]: handler for fd 6 terminated


Cheers,

Olaf

-- 
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og at pre-secure.de

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet
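
An added example, not part of the original post and not GnuPG code: a small Python parser that pairs each request in the gpg-agent debug log above with the reply the agent sent, and lists the fingerprints whose ISTRUSTED check was refused. The function names are hypothetical, the sample lines are copied from the log in the post, and MARKTRUSTED (the agent command that adds a trustlist entry) is named from GnuPG rather than from this page.

```python
import re

# Constructed sample: lines copied from the debug log quoted in the post.
SAMPLE_LOG = """\
  7 - 2005-01-20 15:37:56 gpg-agent[4598.0x8085e78] DBG: <- HAVEKEY FB982E01EF2FE327A450FA5EB12B6172FBEBCD2F
  7 - 2005-01-20 15:37:56 gpg-agent[4598.0x8085e78] DBG: -> ERR 208 no secret key
  7 - 2005-01-20 15:37:56 gpg-agent[4598.0x8085e78] DBG: <- ISTRUSTED 0701EF37D0568429C057453D804646C3D016E660
  7 - 2005-01-20 15:37:56 gpg-agent[4598.0x8085e78] DBG: -> ERR 304 not trusted
  6 - 2005-01-20 15:37:56 gpgsm[6011.0x807d9c0] DBG: -> OK
  7 - 2005-01-20 15:37:56 gpg-agent[4598.0x8085e78] DBG: <- [EOF]
"""

# In each process's log, "<-" is a line it received and "->" a line it sent.
LINE_RE = re.compile(
    r"^\s*(?P<fd>\d+) - \S+ \S+ (?P<proc>[\w-]+)\[(?P<pid>\d+)[^\]]*\] DBG: "
    r"(?P<dir><-|->) (?P<msg>.*)$"
)

def agent_exchanges(log_text):
    """Pair each request gpg-agent received with the OK/ERR reply it sent."""
    pending = {}  # (pid, fd) -> (command, argument) still waiting for a reply
    pairs = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["proc"] != "gpg-agent":
            continue  # gpgsm lines and non-DBG lines are not agent traffic
        key = (m["pid"], m["fd"])
        if m["dir"] == "<-":
            cmd, _, arg = m["msg"].partition(" ")
            pending[key] = (cmd, arg)
        elif key in pending and m["msg"].split(" ", 1)[0] in ("OK", "ERR"):
            pairs.append(pending.pop(key) + (m["msg"],))
    return pairs

def refused_trust_checks(log_text):
    """Fingerprints whose ISTRUSTED query the agent answered with ERR."""
    return [arg for cmd, arg, reply in agent_exchanges(log_text)
            if cmd == "ISTRUSTED" and reply.startswith("ERR")]

def commands_received(log_text):
    """Set of commands the agent answered (e.g. to look for MARKTRUSTED)."""
    return {cmd for cmd, _, _ in agent_exchanges(log_text)}

if __name__ == "__main__":
    print("refused:", refused_trust_checks(SAMPLE_LOG))
    print("commands:", sorted(commands_received(SAMPLE_LOG)))
```

Run against a full agent log, the command set shows at a glance whether any client request after the refused ISTRUSTED asked the agent to mark the certificate as trusted.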



