
Oct 18 2022

werner added a comment to T6228: TOFU data are not updated when creating an encrypted message.

FWIW: I am not very convinced of our tofu code anymore. It leaks too much information because it tracks and stores all signature verifications. The model is furthermore way too complicated and the SQL used will eventually lead to a resource problem. Maybe it is a better idea to do the Tofu stuff in the frontend and get rid of all the history processing, which works only for fresh mails and not for data verification.

Oct 18 2022, 5:55 PM · gpgme, TOFU
ikloecker added a comment to T6228: TOFU data are not updated when creating an encrypted message.

Yes, it is set to tofu+pgp. Is it now possible to change the trust-model on a per-context basis?

Oct 18 2022, 2:41 PM · gpgme, TOFU
hefee added a comment to T6228: TOFU data are not updated when creating an encrypted message.

Thanks for the report, since you are using it on the command line and it works I assume that trust-model is set to tofu+pgp? Because in the Test code there is no context flag for tofu+pgp trust model.

Oct 18 2022, 1:52 PM · gpgme, TOFU
aheinecke triaged T6228: TOFU data are not updated when creating an encrypted message as Normal priority.

Thanks for the report, since you are using it on the command line and it works I assume that trust-model is set to tofu+pgp? Because in the Test code there is no context flag for tofu+pgp trust model.

Oct 18 2022, 11:52 AM · gpgme, TOFU

Oct 6 2022

hefee created T6228: TOFU data are not updated when creating an encrypted message.
Oct 6 2022, 1:47 PM · gpgme, TOFU

Sep 8 2021

bjmgeek added a comment to T3748: GPA is stuck if keyring is too big and trust-model is tofu+pgp.

I verified that manually putting the DB in WAL mode also resolved this issue, since writers don't block readers in WAL mode.

Sep 8 2021, 10:07 PM · TOFU, gnupg (gpg22), gpa
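
The locking difference described in the comment above can be reproduced with a throwaway SQLite file. This is an added example, not GnuPG code or part of the original thread; the table name, the file name and the use of BEGIN EXCLUSIVE to hold the write lock are assumptions made for the demonstration.

```python
import os
import sqlite3
import tempfile


def reader_blocked(journal_mode):
    """Return (effective journal mode, True if a reader is locked out
    while another connection holds an open write transaction)."""
    if journal_mode not in ("DELETE", "WAL"):
        raise ValueError("journal_mode must be DELETE or WAL")
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "tofu-demo.db")  # constructed file name

        # Create the database and select the journal mode under test.
        setup = sqlite3.connect(path, isolation_level=None)
        mode = setup.execute(f"PRAGMA journal_mode={journal_mode}").fetchone()[0]
        setup.execute("CREATE TABLE bindings (fingerprint TEXT, email TEXT)")
        setup.close()

        # timeout=0: fail immediately instead of waiting for the lock,
        # so a blocked reader shows up as an exception, not a hang.
        writer = sqlite3.connect(path, timeout=0, isolation_level=None)
        reader = sqlite3.connect(path, timeout=0, isolation_level=None)
        try:
            # Writer opens a transaction and keeps it open (assumption:
            # stands in for a long-running TOFU database update).
            writer.execute("BEGIN EXCLUSIVE")
            writer.execute(
                "INSERT INTO bindings VALUES ('CONSTRUCTED', 'a@example.org')"
            )
            try:
                reader.execute("SELECT count(*) FROM bindings").fetchone()
                blocked = False
            except sqlite3.OperationalError:  # "database is locked"
                blocked = True
            writer.execute("COMMIT")
        finally:
            reader.close()
            writer.close()
        return mode, blocked


if __name__ == "__main__":
    for requested in ("DELETE", "WAL"):
        print(requested, reader_blocked(requested))
```
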

Apr 16 2018

gouttegd closed T3748: GPA is stuck if keyring is too big and trust-model is tofu+pgp as Resolved.

Thanks @werner for applying the patch. Closing here, since I have been using that patch for several weeks now without ever encountering the bug again.

Apr 16 2018, 3:41 PM · TOFU, gnupg (gpg22), gpa

Feb 19 2018

gouttegd added a comment to T3748: GPA is stuck if keyring is too big and trust-model is tofu+pgp.

The problem seems to have to do with the locking of the TOFU database.

Feb 19 2018, 12:55 AM · TOFU, gnupg (gpg22), gpa

Feb 16 2018

gouttegd added a comment to T3748: GPA is stuck if keyring is too big and trust-model is tofu+pgp.

Still trying to pinpoint the bug, but I am afraid I am stuck.

Feb 16 2018, 2:01 AM · TOFU, gnupg (gpg22), gpa

Jan 29 2018

gouttegd added a comment to T3748: GPA is stuck if keyring is too big and trust-model is tofu+pgp.

I did a few more tests and here are some more observations:

Jan 29 2018, 12:00 PM · TOFU, gnupg (gpg22), gpa

Jan 18 2018

werner triaged T3748: GPA is stuck if keyring is too big and trust-model is tofu+pgp as High priority.

One of these TOFU bugs. Thanks for the good bug report.

Jan 18 2018, 7:43 PM · TOFU, gnupg (gpg22), gpa

Aug 14 2017

marcus placed T2812: TOFU very slow on Windows up for grabs.
Aug 14 2017, 10:36 AM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows
marcus placed T2815: TOFU conflict not part of GpgME's sigsum up for grabs.
Aug 14 2017, 10:36 AM · Stalled, Bug Report, gnupg, TOFU

Aug 10 2017

marcus closed T2816: TOFU API in gpgme not documented as Resolved.

Done in 274609ba.

Aug 10 2017, 4:12 PM · gpgme, Bug Report, TOFU

Jul 13 2017

marcus assigned T2816: TOFU API in gpgme not documented to neal.
Jul 13 2017, 1:55 AM · gpgme, Bug Report, TOFU

Apr 3 2017

werner closed T2817: TOFU validity conflict not set on conflict as Resolved.

Time to say good bye my dear bug.

Apr 3 2017, 10:53 PM · Restricted Project, Bug Report, gnupg, TOFU

Mar 30 2017

admin created TOFU.
Mar 30 2017, 6:42 PM

Mar 17 2017

neal removed a project from T2914: TOFU Conflict Status fd output broken: Restricted Project.
Mar 17 2017, 7:39 PM · rc, Bug Report, gnupg, TOFU
neal closed T2914: TOFU Conflict Status fd output broken as Resolved.
Mar 17 2017, 7:39 PM · rc, Bug Report, gnupg, TOFU
neal added a comment to T2914: TOFU Conflict Status fd output broken.

I'm marking this as resolved since I think it is fixed. Please reopen if this is
not the case.

Mar 17 2017, 7:39 PM · rc, Bug Report, gnupg, TOFU

Feb 2 2017

neal added a comment to T2914: TOFU Conflict Status fd output broken.

This should be fixed in 027b81b35fe36692005b8dba22d9eb2db05e8c80.

Feb 2 2017, 1:31 PM · rc, Bug Report, gnupg, TOFU
neal added a project to T2914: TOFU Conflict Status fd output broken: Restricted Project.
Feb 2 2017, 1:31 PM · rc, Bug Report, gnupg, TOFU

Jan 30 2017

neal added a comment to T2914: TOFU Conflict Status fd output broken.

To be clear the initial output is not wrong. At the time the information is
initially requested, the message has not yet been processed.

Anyway, I think I'm working on a fix so this is a non-issue.

Jan 30 2017, 2:27 PM · rc, Bug Report, gnupg, TOFU

Jan 16 2017

aheinecke added a comment to T2914: TOFU Conflict Status fd output broken.

Note that each of these outputs is preceded by a KEY_CONSIDERED line (for the
same key). Since the TOFU conflict information is per key, I'd expect an
implementation to say: Oh, there is already some conflict information for key X.
This must be a more up to date version, so I'll delete that first instead of
appending to it. Is this an unreasonable expectation?

In my opinion it is. There is a technical, (I guess) unintentional, reason for
the multiple outputs; they don't convey useful information. So I would consider
this output a bug, and implementations working like you describe it to be a
workaround for that bug.

Getting first wrong information and later updating it with the correct
information makes implementations more complicated and error prone, and
currently is not handled in GPGME.

Also in GPGME we just want to figure out the TOFU info for all the UIDs of the
key used to check the signature. We don't want information about conflicting
keys. We need a reliable way to filter this out. So I have a patch that ignores
all TOFU_USER lines that don't match the fingerprint of the signature, but still
that breaks because the "Update" is not handled.

Jan 16 2017, 10:01 AM · rc, Bug Report, gnupg, TOFU
werner added a comment to T2914: TOFU Conflict Status fd output broken.

KEY_CONSIDERED is orthogonal to the TOFU stats. Thus GPGME thus not evaluate it
to learn about the TOFU state.

Jan 16 2017, 8:52 AM · rc, Bug Report, gnupg, TOFU

Jan 14 2017

neal added a comment to T2914: TOFU Conflict Status fd output broken.

It's true that the user is listed 4 times, but this is because tofu.c:get_trust
is called four times. For instance, the first time it is called to show the
"gpg: Good signature from "tofu_conflict@example.com" [marginal]" line, and the
second time it is called to register the signature (tofu_register_signature).
This also explains why the signature count increases between the first and
second versions.

Note that each of these outputs is preceded by a KEY_CONSIDERED line (for the
same key). Since the TOFU conflict information is per key, I'd expect an
implementation to say: Oh, there is already some conflict information for key X.
This must be a more up to date version, so I'll delete that first instead of
appending to it. Is this an unreasonable expectation?

It should be possible to change the behavior to only output the TOFU_STATS lines
if a TOFU_STATS_LONG line is also output (but I need to think about it some
more). Would this be better?

Jan 14 2017, 11:31 PM · rc, Bug Report, gnupg, TOFU

Jan 6 2017

werner added a project to T2914: TOFU Conflict Status fd output broken: rc.
Jan 6 2017, 7:06 PM · rc, Bug Report, gnupg, TOFU
aheinecke added projects to T2914: TOFU Conflict Status fd output broken: TOFU, gnupg, Bug Report.
Jan 6 2017, 5:34 PM · rc, Bug Report, gnupg, TOFU
aheinecke set Version to master on T2914: TOFU Conflict Status fd output broken.
Jan 6 2017, 5:34 PM · rc, Bug Report, gnupg, TOFU

Dec 2 2016

neal added a comment to T2812: TOFU very slow on Windows.

In general, parallel operations aren't great, but I find such bad
performance surprising.

If you update a key, only that key's effective policy is rechecked, not all
keys. But, the effective policy of conflicting keys is always rechecked.

Dec 2 2016, 11:22 AM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows
werner closed T2742: tofu confused when keys are deleted from keyring as Resolved.
Dec 2 2016, 10:04 AM · Duplicate, TOFU, Bug Report, gnupg
werner added a comment to T2742: tofu confused when keys are deleted from keyring.

Duplicate of T2859

Dec 2 2016, 10:04 AM · Duplicate, TOFU, Bug Report, gnupg
werner added a project to T2742: tofu confused when keys are deleted from keyring: Duplicate.
Dec 2 2016, 10:04 AM · Duplicate, TOFU, Bug Report, gnupg
neal added a comment to T2742: tofu confused when keys are deleted from keyring.

This issue has also been reported in https://bugs.gnupg.org/gnupg/Issue2859

Werner replied there and I agree with his conclusion.

Dec 2 2016, 9:40 AM · Duplicate, TOFU, Bug Report, gnupg

Dec 1 2016

aheinecke added a comment to T2812: TOFU very slow on Windows.

While testing with tofu enabled I sometimes see that some actions take very
long. (>1minute)

Like importing a key in Kleopatra where Kleopatra does an import and starts a
keylist afterwards / in parallel.

I'll try to reproduce this on the command line. Just doing a simple import on
the command line is quick.

Do you have any hint what can take so long?
Like a trigger that would cause rechecks for cross signatures?

Dec 1 2016, 1:23 PM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows
aheinecke removed a project from T2812: TOFU very slow on Windows: Restricted Project.
Dec 1 2016, 1:23 PM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows

Nov 30 2016

neal added a project to T2817: TOFU validity conflict not set on conflict: Restricted Project.
Nov 30 2016, 11:44 AM · Restricted Project, Bug Report, gnupg, TOFU
neal added a comment to T2817: TOFU validity conflict not set on conflict.

This should be fixed in: 2f27cb12e30c9f6e780354eecc3ff0039ed52c63 .

Nov 30 2016, 11:44 AM · Restricted Project, Bug Report, gnupg, TOFU

Nov 29 2016

aheinecke added a comment to T2812: TOFU very slow on Windows.

On Windows especially the initial keylist is very slow, subsequent keylists are
okish (less than 10 seconds). I don't think it's as big a problem anymore.
Listing a specific key is ~100ms. And that is with a large keyring (~18mb) on a
VM with a fairly slow harddisk.

For me this would be good enough to use tofu on windows. So it can be resolved
if you do not think the performance (especially of the initial listing) can be
improved or should have been better.

PS C:\Users\aheinecke> Measure-Command -Expression { gpg --no-auto-check-trustdb
--with-colons --trust-model tofu --list-keys --with-colons > $null }
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: please do a --check-trustdb
gpg: public key 60041E4EC03449C4 is 39 seconds newer than the signature
gpg: public key 60041E4EC03449C4 is 39 seconds newer than the signature

Days : 0
Hours : 0
Minutes : 1
Seconds : 14
Milliseconds : 785
Ticks : 747854659
TotalDays : 0.000865572521990741
TotalHours : 0.0207737405277778
TotalMinutes : 1.24642443166667
TotalSeconds : 74.7854659
TotalMilliseconds : 74785.4659

PS C:\Users\aheinecke> Measure-Command -Expression { gpg --no-auto-check-trustdb
--with-colons --trust-model tofu --list-keys --with-colons > $null }
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: please do a --check-trustdb
gpg: public key 60041E4EC03449C4 is 39 seconds newer than the signature

Days : 0
Hours : 0
Minutes : 0
Seconds : 7
Milliseconds : 812
Ticks : 78128420
TotalDays : 9.0426412037037E-05
TotalHours : 0.00217023388888889
TotalMinutes : 0.130214033333333
TotalSeconds : 7.812842
TotalMilliseconds : 7812.842

PS C:\Users\aheinecke> Measure-Command -Expression { gpg --no-auto-check-trustdb
--with-colons --trust-model pgp --list-keys --with-colons > $null }
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: public key 60041E4EC03449C4 is 39 seconds newer than the signature

Days : 0
Hours : 0
Minutes : 0
Seconds : 1
Milliseconds : 369
Ticks : 13697177
TotalDays : 1.58532141203704E-05
TotalHours : 0.000380477138888889
TotalMinutes : 0.0228286283333333
TotalSeconds : 1.3697177
TotalMilliseconds : 1369.7177

PS C:\Users\aheinecke> gpg --version
gpg (GnuPG) 2.1.17-beta30
libgcrypt 1.7.3

NOTE: THIS IS A DEVELOPMENT VERSION! It is only intended for test purposes and should NOT be used in a production environment or with production keys! Copyright (C) 2016 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later https://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

Home: C:/Users/aheinecke/AppData/Roaming/gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,

CAMELLIA128, CAMELLIA192, CAMELLIA256

Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Nov 29 2016, 3:44 PM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows

Nov 23 2016

neal added a comment to T2812: TOFU very slow on Windows.

Fixed in 03a65a5. The time for doing a tofu --with-tofu-info --with-colons
listing is now similar to doing a pgp listing.

Please reopen if there are still unresolved issues.

$ time gpg2 --with-tofu-info --with-colons --no-auto-check-trustdb
--no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg
--trust-model pgp -k >/dev/null
gpg: Note: signatures using the MD5 algorithm are rejected

real 0m1.972s
user 0m1.940s
sys 0m0.028s
$ time gpg2 --with-tofu-info --with-colons --no-auto-check-trustdb
--no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg
--trust-model tofu -k >/dev/null
gpg: Note: signatures using the MD5 algorithm are rejected

real 0m2.252s
user 0m2.172s
sys 0m0.020s

Nov 23 2016, 12:32 PM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows
neal added a project to T2812: TOFU very slow on Windows: Restricted Project.
Nov 23 2016, 12:32 PM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows

Nov 22 2016

neal added a comment to T2815: TOFU conflict not part of GpgME's sigsum.

I suspect that the problem is the same as T2817.

Nov 22 2016, 5:46 PM · Stalled, Bug Report, gnupg, TOFU
neal added a comment to T2817: TOFU validity conflict not set on conflict.

Andre and I chatted about this issue offline, and I now understand what the
problem is. The TOFU_STATS status line (as documented in gnupg/doc/DETAILS) has
a "validity" field that is a number between 0 and 4 where 1 to 4 indicate how
confident we are that the binding is valid, and 0 means that the binding has an
unresolved conflict. The problem that Andre has observed is that this field is
not set to 0 if there is a conflict.

As a matter of fact, the validity field is never set to 0. This is completely
redundant as the same TOFU_STATS status line has a policy parameter, which is
"ask" if there is a conflict. Moreover, overloading this field in this way
causes a loss of information. Just because there is a conflict doesn't mean
that gpg shouldn't report the validity, or that the client can't make use of it.

Thus, in my opinion, the right thing to do is to simply use the <policy> field
to detect whether there is a conflict. Werner has suggested that this is wrong,
but I couldn't follow his logic. Thus, I'm adding him to the nosy list and I
hope he can clarify what he wants here.

Nov 22 2016, 5:33 PM · Restricted Project, Bug Report, gnupg, TOFU
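
A sketch of a status-fd consumer that follows the two points made in the T2914 and T2817 comments on this page: keep only TOFU_USER lines whose fingerprint matches the signing key, let a later TOFU_STATS line for the same binding replace the earlier one, and read a conflict from the policy field ("ask") as well as from validity 0. This is an added example, not GPGME or gpg code; the argument order assumed for TOFU_STATS (validity, signature count, one further counter, policy) and all sample lines and fingerprints are constructed.

```python
PREFIX = "[GNUPG:] "

SIG_FPR = "A" * 40    # constructed fingerprint of the key that signed
OTHER_FPR = "B" * 40  # constructed fingerprint of a conflicting key

# Constructed status output: the same binding is reported twice for the
# signing key (the signature count grows), with a conflicting key in between.
SAMPLE = [
    "[GNUPG:] NEWSIG",
    f"[GNUPG:] KEY_CONSIDERED {SIG_FPR} 0",
    f"[GNUPG:] TOFU_USER {SIG_FPR} tofu_conflict@example.com",
    "[GNUPG:] TOFU_STATS 2 1 0 ask",
    f"[GNUPG:] TOFU_USER {OTHER_FPR} tofu_conflict@example.com",
    "[GNUPG:] TOFU_STATS 3 9 0 ask",
    f"[GNUPG:] KEY_CONSIDERED {SIG_FPR} 0",
    f"[GNUPG:] TOFU_USER {SIG_FPR} tofu_conflict@example.com",
    "[GNUPG:] TOFU_STATS 2 2 0 ask",
]


def tofu_bindings(status_lines, sig_fpr):
    """Return {mbox: stats} for the key identified by sig_fpr only."""
    bindings = {}
    current = None  # mbox of the TOFU_USER in effect; None while filtered out
    for raw in status_lines:
        if not raw.startswith(PREFIX):
            continue
        fields = raw[len(PREFIX):].split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword == "NEWSIG":
            current = None  # TOFU lines belong to one signature at a time
        elif keyword == "TOFU_USER" and len(args) >= 2:
            # Drop information about other (conflicting) keys.
            same_key = args[0].upper() == sig_fpr.upper()
            current = args[1] if same_key else None
        elif keyword == "TOFU_STATS" and current and len(args) >= 3:
            # Assumed layout: validity, sign count, counter, optional policy.
            validity = int(args[0])
            policy = args[3] if len(args) > 3 else None
            # Assignment replaces earlier stats instead of appending.
            bindings[current] = {
                "validity": validity,
                "sign_count": int(args[1]),
                "policy": policy,
                "conflict": policy == "ask" or validity == 0,
            }
    return bindings


if __name__ == "__main__":
    for mbox, stats in tofu_bindings(SAMPLE, SIG_FPR).items():
        print(mbox, stats)
```
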
neal updated subscribers of T2817: TOFU validity conflict not set on conflict.
Nov 22 2016, 5:33 PM · Restricted Project, Bug Report, gnupg, TOFU

Nov 14 2016

neal added a comment to T2817: TOFU validity conflict not set on conflict.

Sorry for the delay in getting back to you on this issue. I think you mean they
have undefined trust (that's what I get here). Undefined trust means "not
enough information for calculation" (from trustdb.h).

Can you clarify what you mean by validity conflict?

Nov 14 2016, 3:52 PM · Restricted Project, Bug Report, gnupg, TOFU

Nov 1 2016

neal added a comment to T2812: TOFU very slow on Windows.

Hi Andre,

Thanks for following up. I seem to be able to reproduce the first part of your
issue here and I'm looking in to it.

Thanks,
Neal

Nov 1 2016, 4:48 PM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows

Oct 31 2016

aheinecke added a comment to T2812: TOFU very slow on Windows.

Sry I accidentally posted an incomplete message with T2812 (aheinecke on Oct 31 2016, 05:08 PM / Roundup) (I used itsalltext
and posted a wrong version).

I wanted to write:

On the command line it's looking good. The second keylist is also down to 5
seconds on Windows.

But used from gpgme it still takes about a minute. If you add --with-colons and
slow down system calls by using strace you can also see this on GNU/Linux:

~> time strace gpg2 --no-default-keyring \
    --keyring /usr/share/keyrings/debian-keyring.gpg \
    --no-auto-check-trustdb --trust-model pgp \
    --with-colons -k >/dev/null 2>&1
2.26s user 0.40s system 102% cpu 2.601 total

~> time strace gpg2 --no-default-keyring \
    --keyring /usr/share/keyrings/debian-keyring.gpg \
    --no-auto-check-trustdb --trust-model tofu \
    --with-colons -k >/dev/null 2>&1
21.43s user 24.47s system 108% cpu 42.451 total

On Windows it's:

PS C:\Users\aheinecke> Measure-Command -Expression { gpg --no-auto-check-trustdb --trust-model tofu --list-keys > $null }
TotalSeconds : 7.0945596

PS C:\Users\aheinecke> Measure-Command -Expression { gpg --no-auto-check-trustdb --with-colons --trust-model tofu --list-keys > $null }
TotalSeconds : 56.0914993

PS C:\Users\aheinecke> Measure-Command -Expression { gpg --no-auto-check-trustdb --with-colons --trust-model pgp --list-keys > $null }
TotalSeconds : 1.4855689

I'm also still seeing decryption blocked on Windows while a keylist
--with-colons runs.

I wonder if we should generally check out performance of reading the keyring on
Windows; maybe we could generally improve it so that it's better cached by Windows.

Oct 31 2016, 5:11 PM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows
aheinecke added a comment to T2817: TOFU validity conflict not set on conflict.

No, both have unknown trust.

Oct 31 2016, 3:01 PM · Restricted Project, Bug Report, gnupg, TOFU
neal added a comment to T2812: TOFU very slow on Windows.

7a634e48b13c5d5d295b8fed9b429e1b2109a333 should fix the contention issue.
Please let me know if you are still having issues.

Oct 31 2016, 3:17 AM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows

Oct 30 2016

neal added a comment to T2812: TOFU very slow on Windows.

eec365a & 614ca00 fixed the performance issue for me here.

us@chu:~/neal/work/gpg/test (GnuPGTest)$ rm tofu.db
us@chu:~/neal/work/gpg/test (GnuPGTest)$ time gpg --no-default-keyring --keyring
/usr/share/keyrings/debian-keyring.gpg -k >/dev/null
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: Note: signatures using the MD5 algorithm are rejected

real 0m45.569s
user 0m34.316s
sys 0m10.872s
us@chu:~/neal/work/gpg/test (GnuPGTest)$ time gpg --no-default-keyring --keyring
/usr/share/keyrings/debian-keyring.gpg -k >/dev/null
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: Note: signatures using the MD5 algorithm are rejected

real 0m2.306s
user 0m2.284s
sys 0m0.020s
us@chu:~/neal/work/gpg/test (GnuPGTest)$ time gpg --no-auto-check-trustdb
--trust-model pgp --no-default-keyring --keyring
/usr/share/keyrings/debian-keyring.gpg -k >/dev/null
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: please do a --check-trustdb
gpg: Note: signatures using the MD5 algorithm are rejected

real 0m2.261s
user 0m2.248s
sys 0m0.012s

Oct 30 2016, 7:12 PM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows
neal added a comment to T2812: TOFU very slow on Windows.

The first time a key is encountered, we need to do a number of checks that
require reading its keyblock. These include checking whether the key is signed
by an ultimately trusted key. So, this cost is pretty much unavoidable, but it
should be a one time thing.

That other gpg processes stall is surprising, and I will investigate this. I
went to a fair amount of trouble to make sure that that doesn't happen in practice.

That the cost is higher on subsequent runs is a bit disconcerting. I will also
investigate this.

Oct 30 2016, 5:21 PM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows
neal added a comment to T2817: TOFU validity conflict not set on conflict.

Are the two keys that you are testing ultimately trusted? If so, then their
validity is good independent of their TOFU policy.

It is a bit unfortunate that the TOFU policy doesn't show this. I will try and
fix this, but it is a bit complicated because when a key's ownertrust is changed
(or a signature is added, etc.), the tofu db is not updated.

Oct 30 2016, 4:01 PM · Restricted Project, Bug Report, gnupg, TOFU

Oct 25 2016

aheinecke added a project to T2742: tofu confused when keys are deleted from keyring: TOFU.
Oct 25 2016, 2:46 PM · Duplicate, TOFU, Bug Report, gnupg
aheinecke added projects to T2817: TOFU validity conflict not set on conflict: TOFU, gnupg, Bug Report.
Oct 25 2016, 2:35 PM · Restricted Project, Bug Report, gnupg, TOFU
aheinecke added projects to T2816: TOFU API in gpgme not documented: TOFU, Bug Report, gpgme.
Oct 25 2016, 2:27 PM · gpgme, Bug Report, TOFU
aheinecke added a project to T2812: TOFU very slow on Windows: TOFU.
Oct 25 2016, 2:23 PM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows
aheinecke updated subscribers of T2815: TOFU conflict not part of GpgME's sigsum.
Oct 25 2016, 2:23 PM · Stalled, Bug Report, gnupg, TOFU
aheinecke added projects to T2815: TOFU conflict not part of GpgME's sigsum: TOFU, gnupg, Bug Report.
Oct 25 2016, 2:23 PM · Stalled, Bug Report, gnupg, TOFU