* 2021-10-29 16:04:11+0200, Romain LT via Gnupg-users wrote:

> tofu.db
> is an sqlite database and means Trust On First Use. But what does
> it mean and what does it contain?

tofu.db contains a log for every signature and encryption by/for every
key and email address. This means in human language:

    "I have verified this signature made by this key and email address
    at that time." (time of the signature and time of verification are
    recorded)

    "I have encrypted for this key and email at that time."

GnuPG can tell some of that information in technical form:

    gpg --list-keys --with-colons --with-tofu-info

In SQL terms the tofu.db database has this schema:

    $ sqlite3 ~/.gnupg/tofu.db .schema

    CREATE TABLE version (version INTEGER);
    CREATE TABLE bindings
      (oid INTEGER PRIMARY KEY AUTOINCREMENT,
       fingerprint TEXT, email TEXT, user_id TEXT, time INTEGER,
       policy INTEGER CHECK (policy in (1, 2, 3, 4, 5)),
       conflict STRING,
       effective_policy INTEGER DEFAULT 0
         CHECK (effective_policy in (0, 1, 2, 3, 4, 5)),
       unique (fingerprint, email));
    CREATE TABLE sqlite_sequence(name,seq);
    CREATE TABLE signatures
      (binding INTEGER NOT NULL, sig_digest TEXT, origin TEXT,
       sig_time INTEGER, time INTEGER,
       primary key (binding, sig_digest, origin));
    CREATE TABLE encryptions (binding INTEGER NOT NULL, time INTEGER);
    CREATE INDEX bindings_fingerprint_email on bindings (fingerprint, email);
    CREATE INDEX bindings_email on bindings (email);
    CREATE INDEX encryptions_binding on encryptions (binding);
    CREATE TABLE ultimately_trusted_keys (keyid);

-- 
/// Teemu Likonen - .-.. https://www.iki.fi/tlikonen/
// OpenPGP: 4E1055DC84E9DFF613D78557719D69D324539450
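An added example, not part of the original message or of GnuPG: the schema printed above, queried with Python's sqlite3 module to show each binding's verification and encryption history and to list email addresses that have been seen with more than one key. The rows, the "unknown" origin value and the names `history`, `multi_key_emails` and `sample_db` are constructed for illustration.

```python
import sqlite3

# Tables as printed in the message above (version table and indexes omitted).
SCHEMA = """
CREATE TABLE bindings (oid INTEGER PRIMARY KEY AUTOINCREMENT, fingerprint TEXT,
  email TEXT, user_id TEXT, time INTEGER,
  policy INTEGER CHECK (policy in (1, 2, 3, 4, 5)), conflict STRING,
  effective_policy INTEGER DEFAULT 0 CHECK (effective_policy in (0, 1, 2, 3, 4, 5)),
  unique (fingerprint, email));
CREATE TABLE signatures (binding INTEGER NOT NULL, sig_digest TEXT, origin TEXT,
  sig_time INTEGER, time INTEGER, primary key (binding, sig_digest, origin));
CREATE TABLE encryptions (binding INTEGER NOT NULL, time INTEGER);
"""

def history(db):
    """Per binding: (email, fingerprint, signatures seen, latest sig_time, encryptions)."""
    return db.execute("""
        SELECT b.email, b.fingerprint,
               (SELECT COUNT(*) FROM signatures s WHERE s.binding = b.oid),
               (SELECT MAX(sig_time) FROM signatures s WHERE s.binding = b.oid),
               (SELECT COUNT(*) FROM encryptions e WHERE e.binding = b.oid)
        FROM bindings b ORDER BY b.email, b.time""").fetchall()

def multi_key_emails(db):
    """Email addresses recorded with more than one key fingerprint."""
    return db.execute("""
        SELECT email, COUNT(DISTINCT fingerprint) FROM bindings
        GROUP BY email HAVING COUNT(DISTINCT fingerprint) > 1
        ORDER BY email""").fetchall()

def sample_db():
    """In-memory database filled with constructed rows (not real keys)."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO bindings (fingerprint, email, user_id, time, policy)"
                   " VALUES (?, ?, ?, ?, 1)", [
        ("AAAA0001", "alice@example.org", "Alice <alice@example.org>", 1000),
        ("BBBB0002", "alice@example.org", "Alice <alice@example.org>", 5000),
        ("CCCC0003", "bob@example.org", "Bob <bob@example.org>", 2000)])
    db.executemany("INSERT INTO signatures VALUES (?, ?, ?, ?, ?)", [
        (1, "d1", "unknown", 1100, 1200), (1, "d2", "unknown", 1300, 1400),
        (3, "d3", "unknown", 2100, 2200)])
    db.executemany("INSERT INTO encryptions VALUES (?, ?)", [(1, 1500), (3, 2300)])
    return db

if __name__ == "__main__":
    db = sample_db()
    for row in history(db):
        print(row)
    print("emails with several keys:", multi_key_emails(db))
```

To run the same two queries against a real database, pass a connection opened on a copy of ~/.gnupg/tofu.db instead of `sample_db()`.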