
Verifying with Fully Trusted Key Shows as Undefined
Closed, Resolved · Public

Description

When verifying files signed by a "Fully" validated key, it says the key has a
trust level of undefined. I edited the key to mark it as fully trusted. I have
tried with a file that I self-signed with an ultimately trusted key and it works;
then I reduced it to full and I get the same.

C:\Users\Andrew>gpg --edit-key "tor"
gpg (GnuPG) 2.0.30; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  4096R/93298290  created: 2014-12-15  expires: 2020-08-24  usage: C
                     trust: full          validity: unknown
sub  4096R/F65C2036  created: 2014-12-15  expires: 2017-08-25  usage: S
sub  4096R/D40814E0  created: 2014-12-15  expires: 2017-08-25  usage: S
The following key was revoked on 2015-08-26 by RSA key 93298290 Tor Browser Developers (signing key) <torbrowser@torproject.org>
sub  4096R/589839A3  created: 2014-12-15  revoked: 2015-08-26  usage: S
[ unknown] (1). Tor Browser Developers (signing key) <torbrowser@torproject.org>

C:\Users\Andrew>gpg -v --verify "C:\Users\Andrew\Downloads\torbrowser-install-6.0.2_en-US.exe.asc"
gpg: assuming signed data in 'C:\Users\Andrew\Downloads\torbrowser-install-6.0.2_en-US.exe'
gpg: Signature made 06/20/16 07:48:31 Central Daylight Time using RSA key ID 2E1AC68ED40814E0
gpg: Note: signature key 2D000988589839A3 has been revoked
gpg: using subkey 2E1AC68ED40814E0 instead of primary key 4E2C6E8793298290
gpg: Note: signature key 2D000988589839A3 has been revoked
gpg: using pgp trust model
gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>" [unknown]
gpg: Note: signature key 2D000988589839A3 has been revoked
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
     Subkey fingerprint: BA1E E421 BBB4 5263 180E  1FC7 2E1A C68E D408 14E0
gpg: binary signature, digest algorithm SHA512, key algorithm rsa4096

Running Windows 10 Pro 64bit.

Details

Version: 2.1.13 and 2.0.30

Event Timeline

atclaus set Version to 2.1.13 and 2.0.30.
atclaus added a subscriber: atclaus.

There are two different concepts: trust and validity.

It does nothing when you edit a key to mark "full" trust on a key which has
unknown validity. (A key's validity should be valid.)

Marking trust (full or marginal) on a valid key makes validation of other keys
by that key possible.

In the beginning, you can make a key valid by signing it (sign or lsign) with
your ultimately trusted key.

But why does marking it as ultimately trusted ignore that it was never signed?

Adding "ultimate" trust means: you are specifying that it's your own key. GnuPG
doesn't check if your own key is signed by another of your own keys (or that you
really have the corresponding private key).

Let me explain the validity of public keys.

  • Start with a set of key(s) with "ultimate" trust. Ultimate keys are all
    valid; put them into the set of valid keys.
  • Pick a key from the valid keys. Collect all keys signed by this key (locally
    or globally); they are all valid. Put them into the set of valid keys.

Next, it checks "full" or "marginal" trust on a public key.

  • Start with the set of public keys which are valid (by the computation so far).
  • Pick a key from the set. If it has "full" trust, mark all keys which are
    signed by this key as reachable by "full" trust.
  • If it has "marginal" trust, mark all keys which are signed by this key as
    reachable by "marginal" trust, adding a point.
  • Scan all marked keys. If a key is reachable by "full" trust, it will be in
    the set of valid keys. If it is reachable by "marginal" trust from 3
    (default) different keys, it will also be in the set of valid keys.
  • Add the checked keys to the set of valid keys, and apply (repeat) this
    procedure recursively to the newly added valid keys. Don't repeat too far:
    stop if it goes 5 (default) times.

In other words, adding trust (by --edit-key) to a valid key makes it possible
for another key to be validated by that key. Adding trust (by --edit-key) to an
invalid key doesn't make that invalid key valid (if it's "full" or "marginal").
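A toy re-implementation of the procedure NIIBE describes, added here as an illustration (it is not GnuPG's code). It assumes the defaults --completes-needed 1, --marginals-needed 3 and --max-cert-depth 5, treats an ultimate key's signatures as "full", and uses made-up key labels "me" and "tor" to replay the report: "full" ownertrust on an unsigned key changes nothing, while "ultimate" ownertrust, or an lsign from the ultimate key, makes it valid.

```python
# Toy model of the validity computation described above (added example, not
# GnuPG code). sigs[k] = set of keys whose user IDs key k has certified;
# ownertrust[k] = what --edit-key's "trust" command sets: "ultimate", "full",
# "marginal" or "unknown". Defaults follow --completes-needed 1,
# --marginals-needed 3 and --max-cert-depth 5 (assumed, see lead-in).

def compute_validity(sigs, ownertrust, completes_needed=1, marginals_needed=3,
                     max_depth=5):
    """Return the set of keys this model treats as valid."""
    # Step 1: "ultimate" keys are valid without any signature at all.
    valid = {k for k, t in ownertrust.items() if t == "ultimate"}
    for _ in range(max_depth):  # one round per hop of the certification chain
        candidates = set().union(*sigs.values()) - valid
        newly_valid = set()
        for cand in candidates:
            # Only signatures from keys that are ALREADY valid count, and only
            # if the signer also has ownertrust (ultimate is treated as full).
            signers = {s for s in valid if cand in sigs.get(s, ())}
            full = sum(ownertrust.get(s) in ("ultimate", "full") for s in signers)
            marginal = sum(ownertrust.get(s) == "marginal" for s in signers)
            if full >= completes_needed or marginal >= marginals_needed:
                newly_valid.add(cand)
        if not newly_valid:
            break  # nothing new reachable: the fixed point has been found
        valid |= newly_valid
    return valid


def tor_key_is_valid(trust_on_tor, signed_by_my_key):
    """Replay the report: 'me' is the ultimate key, 'tor' the imported key."""
    sigs = {"me": {"tor"} if signed_by_my_key else set(), "tor": set()}
    ownertrust = {"me": "ultimate", "tor": trust_on_tor}
    return "tor" in compute_validity(sigs, ownertrust)


if __name__ == "__main__":
    # "full" ownertrust on an unsigned key leaves it invalid, as in the report.
    print("full trust, unsigned:    ", tor_key_is_valid("full", False))
    # "ultimate" needs no signature: GnuPG assumes it is your own key.
    print("ultimate trust, unsigned:", tor_key_is_valid("ultimate", False))
    # sign/lsign with the ultimate key is what actually makes it valid.
    print("full trust, lsigned:     ", tor_key_is_valid("full", True))
```

The same function also shows the marginal rule (three marginally trusted signers needed) and the depth limit (a chain of fully trusted keys stops being valid after five hops).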

Ok I think I get it now. Thank you for explaining it to me. I appreciate it.

Ok I think I get it. I appreciate you taking the time to explain it.
Thanks.

On Wednesday, July 13, 2016, NIIBE Yutaka via BTS <gnupg@bugs.g10code.com> wrote:

> [NIIBE Yutaka's comment above, quoted in full in the e-mail reply]

You are welcome. If my bad English makes it difficult, here is another document.

http://web.monkeysphere.info/doc/trust-models/
You can find the explanation:

So "full" ownertrust on a key is only meaningful as long as there is a trust
path to some User ID on that key already. "ultimate" ownertrust is meaningful
anyway, because presumably you control that key.

werner claimed this task.