Trust signature domain

John Lane gnupg at jelmail.com
Wed Jan 18 17:34:13 CET 2017


On 18/01/17 15:39, Damien Goutte-Gattat wrote:

> 
> I believe there's a bug in the handling of the regular expression
> associated with a trust signature. I've just submitted a patch to fix it
> [1]. With that patch applied, I get the expected result for step 10
> (Blake's key is fully valid, not the others') and step 14 (Blake's key
> is fully valid, and so are Chloe's and David's keys).

Thanks for that. I thought I was going mad!
I will look out for an update that contains your patch...

> 
> For step 16, none of the keys are valid, but I think that's the expected
> behavior: you signed Introducer with a level 2 trust signature
> restricted to example.es, so the signature of Blake's key (which has an
> example.org UID) is rightly ignored. Blake's key is thus of unknown
> validity and his signatures on Chloe's and David's keys are ignored as
> well.

I agree, I added that test because I wondered if I had misunderstood how
it ought to work.

> 
> (Side note: you can use the '%transient-key' directive when
> batch-generating keys for testing purposes. This instructs GnuPG to use
> a less secure but faster random number generator, thus speeding up the
> generation process.)
> 

I don't know how I missed that... right below %no-protection which I did
use :)

Much appreciated your fast response to my query.
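
The domain restriction discussed in this thread, as an added example (not code from either poster and not GnuPG's own trustdb code). It builds the regular expression GnuPG attaches to a domain-limited trust signature and applies it to the step 16 situation. The e-mail addresses are constructed, and the chain handling is a simplifying assumption: the restriction is checked only on Introducer's signatures, and a key certified by Blake counts only if Blake's key is valid.

```python
import re

def domain_regexp(domain):
    """Regexp GnuPG builds for a trust signature limited to `domain`:
    every non-alphanumeric character is backslash-escaped and the result
    is wrapped in '<[^>]+[@.]' and '>$'."""
    escaped = "".join(c if c.isascii() and c.isalnum() else "\\" + c
                      for c in domain)
    return "<[^>]+[@.]" + escaped + ">$"

def signature_counts(regexp, user_id):
    """A certification made by a restricted introducer is used only when
    the signed user ID matches the regexp; otherwise it is ignored."""
    return re.search(regexp, user_id) is not None

def valid_keys(domain, introducer_sigs, delegated_sigs):
    """Simplified model (an assumption, not GnuPG's algorithm).
    introducer_sigs: {key name: user ID signed by Introducer}
    delegated_sigs:  {key name: name of the key that certified it}
    Returns the set of key names that end up valid."""
    regexp = domain_regexp(domain)
    valid = {name for name, uid in introducer_sigs.items()
             if signature_counts(regexp, uid)}
    changed = True
    while changed:  # propagate validity along the delegated signatures
        changed = False
        for name, signer in delegated_sigs.items():
            if signer in valid and name not in valid:
                valid.add(name)
                changed = True
    return valid

# Constructed sample data: names from the thread, addresses invented.
INTRODUCER_SIGS = {"Blake": "Blake <blake@example.org>"}
DELEGATED_SIGS = {"Chloe": "Blake", "David": "Blake"}

if __name__ == "__main__":
    for domain in ("example.es", "example.org"):
        print(domain, domain_regexp(domain),
              sorted(valid_keys(domain, INTRODUCER_SIGS, DELEGATED_SIGS)))
```

The `[@.]` before the domain means a subdomain address matches, while a look-alike such as `notexample.org` does not.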




