GPGME: Modernize signature information
Open, Wishlist, Public

Description

GpgME's signature status is currently really bad for GpgME clients. You have to somehow mix together signature summary and signature validity to get an idea about what really happened. Then, in a MUA, you also need to mix in the UID validity of the UID matching the sender. This is even without TOFU. Oh, and do you want some origin with that?

This results in a very large tree of possibilities and is not nice to use. (e.g. https://dev.gnupg.org/source/gpgol/browse/master/src/mail.cpp;d719c98902827d07af7619c9d19b4f2752bd0862$2368 ) If you include the helper functions used in that function, it's really a lot of code just to figure out what kind of information GPGME (and thus GnuPG) is trying to communicate.

It's also error prone and thus might be a security problem. E.g. I had code like:

if (m_uid.origin() == GpgME::Key::OriginWKD &&
    (sig.validity() == Signature::Validity::Unknown ||
     sig.validity() == Signature::Validity::Marginal))
  {
    // WKD is a shortcut to Level 2 trust.
    log_debug ("%s:%s: Unknown or marginal from WKD -> Level 2",
               SRCNAME, __func__);
  }

Which was actually a security problem because validity Unknown can also happen on errors. But now do I need to check for summary::green? What does "green" even mean? Is it green when the key had unknown validity?

We need a much cleaner API with better documentation. This can of course be additional to the existing stuff so as not to break things.

I'm assigning this to myself to draft something.
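The failure mode described above, as an added example that is not part of the original report and is not GpgOL or GpgME++ code: the enums and `Sig` struct are stand-ins, and the `status` field and `guarded_level` helper are assumptions made for illustration. It shows the check from the description upgrading a failed verification, next to a variant that stops on any error before reading validity.

```cpp
#include <cstdio>

// Stand-in types for illustration only; they mirror names used in the
// snippet above but are NOT the GpgME++ classes.
enum class Origin   { Unknown, WKD };
enum class Validity { Unknown, Marginal, Full };
enum class Status   { NoError, BadSignature, NoPubkey, GeneralError };

struct Sig {
    Status   status;    // outcome of the cryptographic check (assumed field)
    Validity validity;  // key validity; stays Unknown when the check fails
};

// The check from the description: looks at origin and validity only.
int naive_level(Origin origin, const Sig &sig) {
    if (origin == Origin::WKD &&
        (sig.validity == Validity::Unknown ||
         sig.validity == Validity::Marginal))
        return 2;
    return 0;
}

// Guarded variant: an error status ends evaluation before validity is read,
// so "Unknown because of an error" can no longer be upgraded to Level 2.
int guarded_level(Origin origin, const Sig &sig) {
    if (sig.status != Status::NoError)
        return 0;
    return naive_level(origin, sig);
}

int main() {
    // Constructed sample signatures, not real verification results.
    const Sig samples[] = {
        {Status::NoError,      Validity::Marginal},
        {Status::NoError,      Validity::Unknown},
        {Status::BadSignature, Validity::Unknown},
        {Status::NoPubkey,     Validity::Unknown},
    };
    for (const Sig &s : samples)
        std::printf("status=%d validity=%d naive=%d guarded=%d\n",
                    static_cast<int>(s.status), static_cast<int>(s.validity),
                    naive_level(Origin::WKD, s), guarded_level(Origin::WKD, s));
    return 0;
}
```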

Details

Version
master

Event Timeline

My idea here is to have a discussed reference for how the GnuPG community thinks a signature might be counted, taking the discussions from our AutomatedEncryption stuff into account, etc.
I would then like to extend gpg-error with the corresponding strings / status codes.

Thinking about this more, it would probably better be an extension of the decrypt / verify results.

Maybe a new result type "info_result" or something like that.

Well, green is a shortcut on how to display the status of the signature. It came from the green frame KMail printed, and it used to rely solely on that information. The idea was that gpgme tells you what it considers to be a good signature. Opinions and trust models have meanwhile changed and thus we indeed need to update gpgme's suggestion.