gpg-agent and trusted root certificates
Olaf Gellert
og at pre-secure.de
Thu Jan 20 15:42:33 CET 2005
Hi all,
I was just trying out the X.509 stuff of recent
GPG versions and I was wondering, on what occasions
the gpg-agent will ask the user to verify new
root certificates.
I already included the option "allow-mark-trusted"
into the configuration. When I include the hash of
a root certificate manually into the trustlist.txt,
everything works. When I tell kleopatra to validate
the root certificate, kleopatra queries the agent to
do the job.
When gpg-agent logs the following, should it not
ask the user to verify the root certificate?
7 - 2005-01-20 15:37:56 gpg-agent[4598.0x8085e78] DBG: <- HAVEKEY FB982E01EF2FE327A450FA5EB12B6172FBEBCD2F
7 - 2005-01-20 15:37:56 gpg-agent[4598.0x8085e78] DBG: -> ERR 208 no secret key
7 - 2005-01-20 15:37:56 gpg-agent[4598.0x8085e78] DBG: <- ISTRUSTED 0701EF37D0568429C057453D804646C3D016E660
7 - 2005-01-20 15:37:56 gpg-agent[4598.0x8085e78] DBG: -> ERR 304 not trusted
6 - 2005-01-20 15:37:56 gpgsm[6011.0x807d9c0] DBG: -> D
crt:i:2048:1:804646C3D016E660:20050112T123638:20070112T123638:00::1.2.840.113549.1.9.1=#636140746573746F72672D622E6F7267,CN=Test Root CA B1,O=Test Organization
B,C=DE::cC:%0Afpr:::::::::0701EF37D0568429C057453D804646C3D016E660:::0701EF37D0568429C057453D804646C3D016E660:%0Auid:i::::::::1.2.840.113549.1.9.1=#636140746573746F72672D622E6F7267,CN=Test
Root CA B1,O=Test Organization B,C=DE::%0Auid:i::::::::::%0A
6 - 2005-01-20 15:37:56 gpgsm[6011.0x807d9c0] DBG: -> OK
6 - 2005-01-20 15:37:56 gpgsm[6011.0x807d9c0] DBG: <- BYE
6 - 2005-01-20 15:37:56 gpgsm[6011.0x807d9c0] DBG: -> OK closing connection
[client at fd 6 disconnected]
7 - 2005-01-20 15:37:56 gpg-agent[4598.0x8085e78] DBG: <- [EOF]
7 - 2005-01-20 15:37:56 gpg-agent[4598]: handler for fd 6 terminated
Cheers,
Olaf
--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE og at pre-secure.de
A daily view on Internet Attacks
https://www.ecsirt.net/sensornet
More information about the Gnupg-users
mailing list