What are the file in ~/.gnupg ?

Teemu Likonen tlikonen at iki.fi
Sat Oct 30 08:52:18 CEST 2021

* 2021-10-29 16:04:11+0200, Romain LT via Gnupg-users wrote:

> tofu.db
> 	is an sqlite database and mean Trust On First Use. But what does
> 	it means and what does it contains ?

tofu.db contains a log for every signature and encryption by/for every
key and email address. This means in human language:

   "I have verified this signature made by this key and email address at
    that time." (time of the signature and time of verification are

   "I have encrypted for this key and email at that time."

GnuPG can tell some of that information in techical form:

    gpg --list-keys --with-colons --with-tofu-info

In SQL terms the tofu.db database has this schema:

    $ sqlite3 ~/.gnupg/tofu.db .schema

    CREATE TABLE version (version INTEGER);
    CREATE TABLE bindings
      fingerprint TEXT, email TEXT, user_id TEXT, time INTEGER,
      policy INTEGER CHECK (policy in (1, 2, 3, 4, 5)),
      conflict STRING, effective_policy INTEGER DEFAULT 0
        CHECK (effective_policy in (0, 1, 2, 3, 4, 5)),
      unique (fingerprint, email));
    CREATE TABLE sqlite_sequence(name,seq);
    CREATE TABLE signatures  (binding INTEGER NOT NULL, sig_digest TEXT,
        origin TEXT, sig_time INTEGER, time INTEGER,
        primary key (binding, sig_digest, origin));
    CREATE TABLE encryptions (binding INTEGER NOT NULL,  time INTEGER);
    CREATE INDEX bindings_fingerprint_email
     on bindings (fingerprint, email);
    CREATE INDEX bindings_email on bindings (email);
    CREATE INDEX encryptions_binding on encryptions (binding);
    CREATE TABLE ultimately_trusted_keys (keyid);

/// Teemu Likonen - .-.. https://www.iki.fi/tlikonen/
// OpenPGP: 4E1055DC84E9DFF613D78557719D69D324539450
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20211030/bc302771/attachment.sig>

More information about the Gnupg-users mailing list