gpg looking for strange additional key upon import (was Re: clean sigs)

Dirk Traulsen dirk.traulsen at lypso.de
Fri Sep 9 16:18:11 CEST 2005


On 8 Sep 2005 at 20:00, David Shaw wrote:

> > 2. There is a line after the '--recv-key' which I don't understand:
> > 'gpg: kein uneingeschränkt vertrauenswürdiger Schlüssel 0022FA10
> > gefunden' (my English translation: gpg: no ultimately trusted key
> > 0022FA10 found) As you can see in the output, I didn't ask for this
> > key. There are no keyrings or trustdb, as I deleted them before. I
> > don't know this key and I couldn't find it at the keyservers. Why
> > did gpg try to find this key?
> 
> GnuPG will look for your own key.  Did you generate a key with that
> key ID?

No, I didn't, and I deleted the keyrings and the trustdb, so how could
gpg know?

I tried a lot of combinations and found that the message appears only
when a new (meaning not in the pubring) public key is imported
directly or via keyserver and there is no ultimately trusted public
key in the pubring. This does not depend on the existence of a secret
key. It is independent of the keyserver used, the preferences and
whether the imported key was made with gpg 1.0.7 - 1.4.2 or pgp.
This is true for gpg 1.4.2 under Win95 and WinXP. So far I have
not been able to test it under Linux.

But the strange line does not appear when I generate new key pairs,
export them, transport the ASCII files internally and '--import' them.
It doesn't matter on which system (Win95, WinXP, Linux) or with which
program (gpg 1.0.7 - 1.4.2, pgp) the keys are generated.

Interestingly, there is a difference depending on whether I use
'--import' to get a key from a 'key.asc' or '--recv-key' to import it
from a keyserver. It reproducibly asks for two different, nonexistent
keys. On WinXP it is always 0022FB70 when a key gets '--import'ed and
0022FA10 when it is '--recv-key'ed. It is the same for Win95, but with
other key IDs: 0080F760 for '--import' and 0080F8F0 for '--recv-key'.

Dirk

+++++++ Output '--import' +++++++++++++++++++++++
C:\>gpg --import koch.asc
gpg: key 57548DCD: public key "Werner Koch (gnupg sig) <dd9jn at gnu.org>" imported

gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg:                              importiert: 1
gpg: kein uneingeschränkt vertrauenswürdiger Schlüssel 0022FB70 gefunden


+++++++ Output '--recv-key' +++++++++++++++++++++
C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\gnupg>gpg --keyserver keyserver.kjsl.com --recv-key 08B0A90B
gpg: requesting key 08B0A90B from hkp server keyserver.kjsl.com
gpg: key 08B0A90B: public key "PuTTY Releases (DSA) <putty-bugs at lists.tartarus.org>" imported
gpg: kein uneingeschränkt vertrauenswürdiger Schlüssel 0022FA10 gefunden
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg:                              importiert: 1


+++++++ Output '--import' of a new generated key ++++++
C:\>gpg --import newkey.asc

gpg: key A6F74F00: public key "newkey <new at key.de>" imported
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg:                              importiert: 1

+++++++++++++++++++++++++++++++++++++++++++


