TOFU for GnuPG

Neal H. Walfield neal at
Fri Oct 30 13:09:51 CET 2015

At Fri, 30 Oct 2015 12:06:14 +0000,
MFPA wrote:
> On Thursday 29 October 2015 at 2:06:51 PM, in
> <mid:878u6l93b8.wl-neal at>, Neal H. Walfield wrote:
> > When you verify a
> > message from some user for the first time, GnuPG saves
> > the binding between the user id (actually, the
> > normalized email address) and the key.
> The email address in the user-id, or the email address the message
> appears to come from?
> If it's the email address in the user-id, what happens if the key has
> multiple UIDs covering several email addresses? Or if the user-ids
> contain no readable email addresses?

The user ids are used.  These are authoritative.  If there are N user
ids, then N bindings are maintained.

> > When you verify
> > another message from that user, the saved bindings with
> > that user's address are retrieved.  If there is at
> > least one such binding, but none of them include the
> > signer's key, then either the signer is using a new key
> > or someone is attacking you.  In this case, GnuPG
> > displays a warning and prompts you to verify the key
> > and set an appropriate policy (e.g., the key should be
> > considered untrusted).
> How does it handle a new signing sub-key?

The primary key is always used in the binding.


:) Neal

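A toy model of the binding logic described in this exchange (a normalized address taken from each user id, one binding per user id, a subkey signature attributed to its primary key, and a conflict when bindings exist but none match the signer), as an added example that is not GnuPG's code and not part of the original thread. The Key structure, the fingerprints and the lowercasing normalization are constructed assumptions.

```python
# Toy TOFU binding store: an illustration of the behaviour discussed above,
# not GnuPG's implementation. Fingerprints and normalization are constructed.
import re
from dataclasses import dataclass, field


@dataclass
class Key:
    primary_fpr: str                 # fingerprint of the primary key
    user_ids: list                   # e.g. "Alice <Alice@Example.org>"
    subkey_fprs: set = field(default_factory=set)  # signing subkeys of this primary


def normalize_email(user_id):
    """Extract the e-mail address from a user id and lowercase it; None if absent."""
    m = re.search(r"<([^>]+)>", user_id) or re.search(r"(\S+@\S+)", user_id)
    return m.group(1).strip().lower() if m else None


class TofuStore:
    def __init__(self):
        self.bindings = {}           # normalized email -> set of primary fingerprints

    def _resolve_primary(self, key, signing_fpr):
        # A signature made by a subkey is recorded against the primary key.
        if signing_fpr == key.primary_fpr or signing_fpr in key.subkey_fprs:
            return key.primary_fpr
        raise ValueError("signing key does not belong to this certificate")

    def verify(self, key, signing_fpr):
        """Per user id: 'new', 'known', 'conflict', or 'no-email' when no address."""
        primary = self._resolve_primary(key, signing_fpr)
        results = {}
        for uid in key.user_ids:     # N user ids -> N bindings
            email = normalize_email(uid)
            if email is None:
                results[uid] = "no-email"
                continue
            known = self.bindings.setdefault(email, set())
            if not known:
                known.add(primary)   # first sighting: trust on first use
                results[email] = "new"
            elif primary in known:
                results[email] = "known"
            else:
                # Bindings exist for this address but none carry this primary key:
                # either a key rotation or an impersonation; the user must decide.
                results[email] = "conflict"
        return results
```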