gpg-agent and trusted root certificates

Olaf Gellert og at pre-secure.de
Fri Jan 21 13:13:04 CET 2005


Werner Koch wrote:

> You need all the certificates up to the root before gpgsm will ask
> you.  Another way to force it to ask is by using
> 
>   gpgsm --list-keys --with-validation <id-of-root-cert>

Have a look at this log:

#############################################################################
ranum@ranum:~> ps aux | grep agent
ranum     5391  0.0  0.1  3324 1004 ?        S    12:59   0:00 gpg-agent --daemon --no-detach --allow-mark-trusted --keep-display /bin/bash /etc/X11/xinit/xinitrc
ranum     5791  0.0  0.1  2660  736 pts/2    S+   13:05   0:00 grep agent
#############################################################################

So gpg-agent is running with --allow-mark-trusted.
And then:

#############################################################################
ranum@ranum:~> gpgsm --list-keys --with-validation 07:01:EF:37:D0:56:84:29:C0:57:45:3D:80:46:46:C3:D0:16:E6:60
Secure memory is not locked into core
gpgsm: NOTE: THIS IS A DEVELOPMENT VERSION!
gpgsm: It is only intended for test purposes and should NOT be
gpgsm: used in a production environment or with production keys!
/home/ranum/.gnupg/pubring.kbx
------------------------------
Serial number: 00
       Issuer: /CN=Test Root CA B1/O=Test Organization B/C=DE/EMail=ca@testorg-b.org
      Subject: /CN=Test Root CA B1/O=Test Organization B/C=DE/EMail=ca@testorg-b.org
          aka: ca@testorg-b.org
     validity: 2005-01-12 12:36:38 through 2007-01-12 12:36:38
     key type: 2048 bit RSA
    key usage: certSign
 chain length: unlimited
  fingerprint: 07:01:EF:37:D0:56:84:29:C0:57:45:3D:80:46:46:C3:D0:16:E6:60
gpgsm: DBG: connection to agent established
  [Das Wurzelzertifikat ist nicht als vertrauenswürdig markiert]
  [certificate is bad: Nicht vertrauenswürdig]

secmem usage: 1344/16384 bytes in 2 blocks
#############################################################################


No request window. Hmmm... The version is GPG 1.9.10.

Cheers,
  Olaf

-- 
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og at pre-secure.de

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet



