On 9 Sep 2005 at 10:29, David Shaw wrote:

> On Fri, Sep 09, 2005 at 04:18:11PM +0200, Dirk Traulsen wrote:
>
> > Interestingly there is a difference, whether I use '--import' to get
> > a key from a 'key.asc' or '--recv-key' to import it from a
> > keyserver. It reproducibly asks for two different, not existing
> > keys. On WinXP it is always 0022FB70 when a key gets '--import'ed
> > and 0022FA10 when it is '--recv-key'ed. It is the same for Win95,
> > but with other key IDs: 0080F760 for '--import' and 0080F8F0 for
> > '--recv-key'.
>
> That looks disturbingly like uninitialized data, but I'm not able to
> duplicate it here.
>
> Here is what I'm doing:
>
> $ rm ~/.gnupg/trustdb.gpg
> $ gpg --import koch.asc
> gpg: /home/dshaw/.gnupg/trustdb.gpg: trustdb created
> gpg: key 57548DCD: public key "Werner Koch (gnupg sig) <dd9jn(at)gnu.org>" imported
> gpg: Total number processed: 1
> gpg:               imported: 1
>
> Can you give exact steps to follow?

Ok, I'll try.

First, I did this with gpg 1.4.2 under WinXP and confirmed my findings
on another machine with gpg 1.4.2 under Win95. Your machine seems to be
Linux. Unfortunately I cannot test gpg 1.4.2 under Linux at the moment.

The first output below is what I described the last two days. When
there is not at least one public key in the keyring, which has ultimate
trust, gpg tries to find non-existing keys upon importing or receiving
(but not from newly generated keys). See above for the constant key IDs.

Today I thought about it and concluded, it could be dependent on a read
of the trustdb after a change and not specifically the import. I made
some experiments and it seems to be true. When I set the trust-model
via gpg.conf to direct or always, this line never comes.

I tried to find the simplest situation for you. I hope, this is simple
enough: I deleted everything, added one public key (Werner's :) ), set
it to ultimate trust, set it back to full trust to have the change in
the trustdb and issued --list-key. As you can see below, it brings up
the bug.

And something new: When I ask for the secret keys after the same
procedure, it asks for a new third key ID, which is always the same
like the other two. And like before, it is the same on Win95, but with
a different ID.

I hope, this will help you and that maybe somebody else can reproduce
it.

Dirk

+++++++++++++++++++++++++++++++++++++++++++++

(Delete keyrings and trustdb. I did not delete random_seed. Does it
matter? Made new gpg.conf with only one line for shorter output:
no-greeting)

C:\DOKUME~1\Dirk\ANWEND~1\gnupg>del *.gpg
C:\DOKUME~1\Dirk\ANWEND~1\gnupg>del *.bak
C:\DOKUME~1\Dirk\ANWEND~1\gnupg>edit gpg.conf

(Import previously exported key file
=> gpg states: no ultimately trusted key 0022FB70 found)

C:\DOKUME~1\Dirk\ANWEND~1\gnupg>gpg --import koch.asc
gpg: key 57548DCD: public key "Werner Koch (gnupg sig) <[EMAIL PROTECTED]>" imported
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg: importiert: 1
gpg: kein uneingeschränkt vertrauenswürdiger Schlüssel 0022FB70 gefunden

(Next one is just to show, it has nothing to do with Werner's key)

C:\DOKUME~1\Dirk\ANWEND~1\gnupg>gpg --import binner.asc
gpg: key D86A0D19: public key "Stephan Binner <[EMAIL PROTECTED]>" imported
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg: importiert: 1
gpg: kein uneingeschränkt vertrauenswürdiger Schlüssel 0022FB70 gefunden

(Import a newly generated, exported and then deleted key
=> The line comes not!)

C:\DOKUME~1\Dirk\ANWEND~1\gnupg>gpg --import koch.asc
gpg: key 57548DCD: "Werner Koch (gnupg sig) <[EMAIL PROTECTED]>" not changed
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg: unverändert: 1

(Fetch key from keyserver (tried several)
=> gpg states: no ultimately trusted key 0022FA10 found)

C:\DOKUME~1\Dirk\ANWEND~1\gnupg>gpg --keyserver random.sks.keyserver.penguin.de --recv-key 08b0a90b
gpg: requesting key 08B0A90B from hkp server random.sks.keyserver.penguin.de
gpg: key 08B0A90B: public key "PuTTY Releases (DSA) <putty- [EMAIL PROTECTED] rg>" imported
gpg: kein uneingeschränkt vertrauenswürdiger Schlüssel 0022FA10 gefunden
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg: importiert: 1

+++++++++++++++++++++++++++++++++++++++++++++++

(Start again with deleting everything. Made new gpg.conf with only one
line for shorter output: no-greeting)

C:\DOKUME~1\Dirk\ANWEND~1\gnupg>del *.bak
C:\DOKUME~1\Dirk\ANWEND~1\gnupg>del *.gpg
C:\DOKUME~1\Dirk\ANWEND~1\gnupg>edit gpg.conf

(As before: Import previously exported key file
=> gpg states: no ultimately trusted key 0022FB70 found)

C:\DOKUME~1\Dirk\ANWEND~1\gnupg>gpg --import koch.asc
gpg: Schlüsselbund `C:/Dokumente und Einstellungen/Dirk/Anwendungsdaten/gnupg\secring.gpg' erstellt
gpg: Schlüsselbund `C:/Dokumente und Einstellungen/Dirk/Anwendungsdaten/gnupg\pubring.gpg' erstellt
gpg: C:/Dokumente und Einstellungen/Dirk/Anwendungsdaten/gnupg\trustdb.gpg: trust-db erzeugt
gpg: key 57548DCD: public key "Werner Koch (gnupg sig) <[EMAIL PROTECTED]>" imported
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg: importiert: 1
gpg: kein uneingeschränkt vertrauenswürdiger Schlüssel 0022FB70 gefunden

(Set trust to ultimate (I shortened the output))

C:\DOKUME~1\Dirk\ANWEND~1\gnupg>gpg --ed koch
Befehl> trust
Please decide how far you trust this user to correctly verify other
users' keys (by looking at passports, checking fingerprints from
different sources, etc.)
  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu
Ihre Auswahl? 5
Do you really want to set this key to ultimate trust? (y/N) y
Befehl> q

(Set trust back to full => no ultimately trusted public key there
(even further shortened output))

C:\DOKUME~1\Dirk\ANWEND~1\gnupg>gpg --ed koch
gpg: "Trust-DB" wird überprüft
gpg: 3 marignal-needed, 1 complete-needed, PGP Trust-Modell
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: nächste "Trust-DB"-Pflichtüberprüfung am 2005-12-31
pub 1024D/57548DCD created: 1998-07-07 expires: 2005-12-31 usage: CSA
    trust: uneingeschränkt Gültigkeit: uneingeschränkt
[ultimate] (1). Werner Koch (gnupg sig) <[EMAIL PROTECTED]>
Befehl> trust
Ihre Auswahl? 4
Befehl> q

(Now when I ask for the key-list, there is a look at the trustdb and
gpg states: no ultimately trusted key 0022FB70 found)

C:\DOKUME~1\Dirk\ANWEND~1\gnupg>gpg -k
gpg: "Trust-DB" wird überprüft
gpg: kein uneingeschränkt vertrauenswürdiger Schlüssel 0022FB70 gefunden
C:/Dokumente und Einstellungen/Dirk/Anwendungsdaten/gnupg\pubring.gpg
---------------------------------------------------------------------
pub 1024D/57548DCD 1998-07-07 [expires: 2005-12-31]
uid Werner Koch (gnupg sig) <[EMAIL PROTECTED]>

(This comes only the first time. A look at the trustdb is necessary?)

C:\DOKUME~1\Dirk\ANWEND~1\gnupg>gpg -k
C:/Dokumente und Einstellungen/Dirk/Anwendungsdaten/gnupg\pubring.gpg
---------------------------------------------------------------------
pub 1024D/57548DCD 1998-07-07 [expires: 2005-12-31]
uid Werner Koch (gnupg sig) <[EMAIL PROTECTED]>

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

(When I do like before, but ask for the secret keys instead, gpg looks
reproducibly for a new third non-existing key 0022FB80!)

C:\DOKUME~1\Dirk\ANWEND~1\gnupg>gpg -K
gpg: "Trust-DB" wird überprüft
gpg: kein uneingeschränkt vertrauenswürdiger Schlüssel 0022FB80 gefunden

(This also comes only the first time.)

C:\DOKUME~1\Dirk\ANWEND~1\gnupg>gpg -K
C:\DOKUME~1\Dirk\ANWEND~1\gnupg>

++++++++++++++++++++++++++++++++++++++++++++++++++++++++
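
Added example (not part of the original post, and not GnuPG code): a small Python triage script that groups the key IDs gpg reports as missing by the operation that triggered them, and drops any ID that was actually imported. The sample is condensed from the WinXP transcript above; the "> " prompt marker, the trimmed user IDs and the names analyse/OPERATIONS are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: command/output pairs condensed from the transcript above
# (prompt shortened to "> ", user IDs trimmed).
TRANSCRIPT = """\
> gpg --import koch.asc
gpg: key 57548DCD: public key "Werner Koch (gnupg sig)" imported
gpg: kein uneingeschränkt vertrauenswürdiger Schlüssel 0022FB70 gefunden
> gpg --import binner.asc
gpg: key D86A0D19: public key "Stephan Binner" imported
gpg: kein uneingeschränkt vertrauenswürdiger Schlüssel 0022FB70 gefunden
> gpg --keyserver random.sks.keyserver.penguin.de --recv-key 08b0a90b
gpg: key 08B0A90B: public key "PuTTY Releases (DSA)" imported
gpg: kein uneingeschränkt vertrauenswürdiger Schlüssel 0022FA10 gefunden
> gpg -k
gpg: kein uneingeschränkt vertrauenswürdiger Schlüssel 0022FB70 gefunden
> gpg -K
gpg: kein uneingeschränkt vertrauenswürdiger Schlüssel 0022FB80 gefunden
"""

OPERATIONS = ("--import", "--recv-key", "-k", "-K")
CMD = re.compile(r"^>\s*gpg\s+(.*)$")
KNOWN = re.compile(r"^gpg: key ([0-9A-F]{8}):")
MISSING = re.compile(
    r"^gpg: kein uneingeschränkt vertrauenswürdiger Schlüssel ([0-9A-F]{8}) gefunden")

def analyse(transcript):
    """Map each missing-key ID that never appeared as a real key to the
    sorted list of gpg operations that reported it."""
    known, reported, op = set(), defaultdict(set), None
    for line in transcript.splitlines():
        if m := CMD.match(line):
            # The operation is the first argument that names one we track.
            op = next((t for t in m.group(1).split() if t in OPERATIONS), "other")
        elif m := KNOWN.match(line):
            known.add(m.group(1))
        elif m := MISSING.match(line):
            reported[m.group(1)].add(op)
    return {kid: sorted(ops) for kid, ops in reported.items() if kid not in known}

if __name__ == "__main__":
    for kid, ops in analyse(TRANSCRIPT).items():
        print(f"{kid}: reported by {', '.join(ops)}")
```

On the sample, the reported ID follows the operation rather than the key being imported, which is the pattern described in the message.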