What are the file in ~/.gnupg ?

Teemu Likonen tlikonen at iki.fi
Sat Oct 30 08:52:18 CEST 2021


* 2021-10-29 16:04:11+0200, Romain LT via Gnupg-users wrote:

> tofu.db
> 	is an SQLite database and means Trust On First Use. But what does
> 	it mean and what does it contain?

tofu.db contains a log for every signature and encryption by/for every
key and email address. This means in human language:

   "I have verified this signature made by this key and email address at
    that time." (time of the signature and time of verification are
    recorded)

   "I have encrypted for this key and email at that time."

GnuPG can tell some of that information in technical form:

    gpg --list-keys --with-colons --with-tofu-info

In SQL terms the tofu.db database has this schema:

    $ sqlite3 ~/.gnupg/tofu.db .schema

    CREATE TABLE version (version INTEGER);
    CREATE TABLE bindings
     (oid INTEGER PRIMARY KEY AUTOINCREMENT,
      fingerprint TEXT, email TEXT, user_id TEXT, time INTEGER,
      policy INTEGER CHECK (policy in (1, 2, 3, 4, 5)),
      conflict STRING, effective_policy INTEGER DEFAULT 0
        CHECK (effective_policy in (0, 1, 2, 3, 4, 5)),
      unique (fingerprint, email));
    CREATE TABLE sqlite_sequence(name,seq);
    CREATE TABLE signatures  (binding INTEGER NOT NULL, sig_digest TEXT,
        origin TEXT, sig_time INTEGER, time INTEGER,
        primary key (binding, sig_digest, origin));
    CREATE TABLE encryptions (binding INTEGER NOT NULL,  time INTEGER);
    CREATE INDEX bindings_fingerprint_email
     on bindings (fingerprint, email);
    CREATE INDEX bindings_email on bindings (email);
    CREATE INDEX encryptions_binding on encryptions (binding);
    CREATE TABLE ultimately_trusted_keys (keyid);

-- 
/// Teemu Likonen - .-.. https://www.iki.fi/tlikonen/
// OpenPGP: 4E1055DC84E9DFF613D78557719D69D324539450