Page MenuHome GnuPG

GpgOL: Keyresolver forbids to encrypt to (partially?) untrusted keys
Closed, InvalidPublic

Description

While checking T6701 I noticed that I could not encrypt to S/MIME keys where the root CA was not in the trustlist.txt that already was not working as intended. But it is worse then that. For OpenPGP we have a similar problem:

I am unable to encrypt because of the key for kloecker. I don't really understand yet why that key is red and carl and ted tester are blue. Especially since the recipient I selected "kloecker@kde.org" has full trust. But the UID that is visible for me has unknown trust.

pub   ed25519 2020-08-03 [SC] [expires: 2025-08-02]
      B81CE112B26A8EA8BE7B95D2E375339BF4C51840
uid           [ unknown] Ingo Klöcker <*@ingo-kloecker.de>
uid           [  full  ] Ingo Klöcker <kloecker@kde.org>
sub   ed25519 2020-08-03 [S]
      DB8E020E328C30942060BF21B16F599516474ABA
sub   ed25519 2020-08-03 [A]
      EF480203473FD7983791F4F4C168E0CA66EE4C2D

The key for Carl is OK apparently even though that one has fully unknown trust:

pub   ed25519 2023-07-03 [SC] [expires: 2025-07-03]
      6FB1E355120831EF89A3FE66ED43C5FB2746F663
uid           [ unknown] Carl Schwan <carl.schwan@gnupg.com>
sub   cv25519 2023-07-03 [E] [expires: 2025-07-03]
      73F578012DCC5A4112B66E6F113BDDDFEC5DDE16
sub   ed25519 2023-07-03 [A] [expires: 2026-07-02]
      E7EBA4777189B7A3AE4879FEDC71554954C2E375

This is a release blocker for 3.2

Event Timeline

aheinecke created this task.

Wait,.. I misunderstood this issue B81CE112B26A8EA8BE7B95D2E375339BF4C51840 has no encryption subkey o.O

Wait,.. I misunderstood this issue B81CE112B26A8EA8BE7B95D2E375339BF4C51840 has no encryption subkey o.O

It should have an expired encryption subkey (and my local version has a second not-expired encryption subkey).

ebo edited projects, added Not A Bug; removed vsd32, Restricted Project.Nov 27 2023, 10:28 AM
ebo added a subscriber: ebo.