
Change of trust of new uid not immediately reflected in user interface
Open, Normal, Public

Description

When I edit an existing key and add a new user identity, then this identity is first shown as having "unknown" trust. Therefore, I select this new uid and "trust" it. This change is not visible until I exit the (text) user interface, though.

Steps to reproduce:

(Get some key pair, gpg --gen-key)

# gpg --edit-key KEYID
gpg (GnuPG) 2.1.20; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa2048/NUMBERSANDLETTERS
     created: 2017-11-19  expires: 2019-11-19  usage: SC  
     trust: ultimate      validity: ultimate
ssb  rsa2048/MORENUMBERSANDLETTERS
     created: 2017-11-19  expires: 2019-11-19  usage: E   
[ultimate] (1). Some Name <some@e.mail>

gpg> adduid 
Real name: Unknown 
Email address: dont@mail.me
Comment: 
You selected this USER-ID:
    "Unknown <dont@mail.me>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

sec  rsa2048/NUMBERSANDLETTERS
     created: 2017-11-19  expires: 2019-11-19  usage: SC  
     trust: ultimate      validity: ultimate
ssb  rsa2048/MORENUMBERSANDLETTERS
     created: 2017-11-19  expires: 2019-11-19  usage: E   
[ultimate] (1)  Some Name <some@e.mail>
[ unknown] (2). Unknown <dont@mail.me>

gpg> uid 2 

sec  rsa2048/NUMBERSANDLETTERS
     created: 2017-11-19  expires: 2019-11-19  usage: SC  
     trust: ultimate      validity: ultimate
ssb  rsa2048/MORENUMBERSANDLETTERS
     created: 2017-11-19  expires: 2019-11-19  usage: E   
[ultimate] (1)  Some Name <some@e.mail>
[ unknown] (2)* Unknown <dont@mail.me>

gpg> trust 
sec  rsa2048/NUMBERSANDLETTERS
     created: 2017-11-19  expires: 2019-11-19  usage: SC  
     trust: ultimate      validity: ultimate
ssb  rsa2048/MORENUMBERSANDLETTERS
     created: 2017-11-19  expires: 2019-11-19  usage: E   
[ultimate] (1)  Some Name <some@e.mail>
[ unknown] (2)* Unknown <dont@mail.me>

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) Y


sec  rsa2048/NUMBERSANDLETTERS
     created: 2017-11-19  expires: 2019-11-19  usage: SC  
     trust: ultimate      validity: ultimate
ssb  rsa2048/MORENUMBERSANDLETTERS
     created: 2017-11-19  expires: 2019-11-19  usage: E   
[ultimate] (1)  Some Name <some@e.mail>
[ unknown] (2)* Unknown <dont@mail.me>

gpg>

Still shows [ unknown] instead of [ultimate].

If I then hit CTRL-D (EOF) I get Save changes? (y/N) which I answer Y and am back at my shell prompt. If I then run gpg --edit-key KEYID again both uids are shown with trust [ultimate].

Details

Version
2.1.20

Event Timeline

werner triaged this task as Normal priority. Nov 20 2017, 8:44 AM
werner edited projects, added Feature Request, gnupg (gpg23), OpenPGP; removed gnupg, Bug Report.
werner added a subscriber: werner.

To compute the key validity (trust) more information may be needed and we can only do that after the changes have been saved. Further, no-auto-check-trustdb will anyway delay that computation until "gpg --check-trustdb" is run (e.g. by a cron job).

Sure, for ultimate validity there is no need for computations for that one key. We could improve here for just that case. I'll turn your report into a feature request for 2.3. Thanks.
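Because the validity shown in the edit menu can lag behind until the key is saved and the trustdb is checked, a script that relies on per-uid validity can read it from the machine-readable listing instead of the interactive display. The following is an added example, not part of the original report or of GnuPG's code: it parses `gpg --with-colons --list-keys` output and reports user IDs whose validity is not yet computed. The sample listing, key IDs, hashes and timestamps are constructed placeholders; field positions follow GnuPG's doc/DETAILS.

```python
import re

# Validity codes from field 2 of --with-colons records (GnuPG doc/DETAILS).
VALIDITY = {"o": "unknown", "-": "unknown", "q": "undefined", "n": "never",
            "m": "marginal", "f": "full", "u": "ultimate",
            "i": "invalid", "d": "disabled", "r": "revoked", "e": "expired"}

# Constructed sample: one key with the two user IDs from the report,
# as it would look while the second uid has no computed validity yet.
SAMPLE = """\
tru::1:1511078400:1574150400:3:1:5
pub:u:2048:1:00000000AAAAAAAA:1511078400:1574150400::u:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000000000000000000:
uid:u::::1511078400::HASH1::Some Name <some@e.mail>::::::::::0:
uid:-::::1511078500::HASH2::Unknown <dont@mail.me>::::::::::0:
sub:u:2048:1:00000000BBBBBBBB:1511078400:1574150400:::::e::::::23:
"""

def unescape(field):
    r"""Undo the \xNN escaping gpg applies to user IDs (e.g. \x3a for ':')."""
    return re.sub(r"\\x([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), field)

def uid_validity(listing):
    """Return {key_id: [(user_id, validity_name), ...]} from a colon listing."""
    keys, current = {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sec") and len(f) > 4:
            # Field 5 (index 4) is the key ID; uid records that follow belong to it.
            current = keys.setdefault(f[4], [])
        elif f[0] == "uid" and current is not None and len(f) > 9:
            # Field 2 is the uid's validity, field 10 the user ID string.
            current.append((unescape(f[9]), VALIDITY.get(f[1], "unknown")))
    return keys

def pending_uids(listing):
    """User IDs whose validity is still unknown or undefined."""
    return [(kid, uid) for kid, uids in uid_validity(listing).items()
            for uid, val in uids if val in ("unknown", "undefined")]

if __name__ == "__main__":
    for key_id, uid in pending_uids(SAMPLE):
        print(f"{key_id}: validity not yet computed for {uid!r}")
```

To use it on a real keyring, pass the captured output of `gpg --with-colons --list-keys KEYID` to `pending_uids` after saving the key and, if `no-auto-check-trustdb` is set, after running `gpg --check-trustdb`.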