tofu: Missing entry in the bindings table for new key

Justus Winter justus at
Tue Jan 24 11:53:55 CET 2017


Luis Ressel <aranea at> writes:

> Hello,
> I created a new key today. When I tried to verify a signature made by
> this key, I got the error message
> gpg: Signature made Sat Jan 21 01:07:59 2017 CET
> gpg:                using RSA key DEADBEEF
> gpg: Good signature from "foo <foo at>" [ultimate]
> gpg: aka "foo <foo at>" [ultimate]
> gpg: error updating TOFU database: NOT NULL constraint failed: signatures.binding
> gpg: TOFU: error registering signature: General error
> Apparently no entry for my key/userid had been recorded in the bindings
> table. I was of course able to fix this by calling
> "gpg --tofu-policy good DEADBEEF", but it still looks like a bug to me.
> Any ideas how this could happen?
> Potentially relevant facts:
> * The new key's userid collides with that of my old key.
> * I'm using the setting "tofu-default-policy unknown".

Can you please describe in detail what you were doing so that we can
recreate the problem?  You can create a throwaway environment for
experimentation by setting the environment variable GNUPGHOME to a
temporary directory, like so (assuming a Bourne-like shell):

  $ export GNUPGHOME=$(mktemp -d)
  $ gpg -k

Note that you need to copy your gnupg configuration over, or at least
configure the trust model.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: </pipermail/attachments/20170124/b12d2418/attachment.sig>

More information about the Gnupg-users mailing list