Change Details

gpg's manpage says: > If the option --only-sign-text-ids is specified, then any non-text based user ids (e.g., photo IDs) will not be selected for signing. Well, let's try it on a brand new key I generated on purpose: ``` ~ $ gpg --edit-key pippo@pippo.com gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. sec rsa3072/BE99372685E5B738 created: 2018-02-07 expires: 2020-02-07 usage: SC trust: ultimate validity: ultimate ssb rsa3072/802DF18BADE59998 created: 2018-02-07 expires: 2020-02-07 usage: E [ultimate] (1). pippo <pippo@pippo.com> [ultimate] (2) [jpeg image of size 62522] gpg> sign --only-sign-text-ids Really sign all text user IDs? (y/N) y sec rsa3072/BE99372685E5B738 created: 2018-02-07 expires: 2020-02-07 usage: SC trust: ultimate validity: ultimate Primary key fingerprint: FA4E D8C3 A04F F411 4D2F 4879 BE99 3726 85E5 B738 pippo <pippo@pippo.com> [jpeg image of size 62522] This key is due to expire on 2020-02-07. Are you sure that you want to sign this key with your key "Paride Legovini <pl@ninthfloor.org>" (5A09B4576DE8080E) Really sign? (y/N) y gpg> q Save changes? (y/N) y ``` Note how after the `sign` command I'm asked if I want to sign all the **text** user IDs, as an effect of the `--only-sign-text-ids` option, but `[jpeg image of size 62522]` appears as a UID to be signed. And it is indeed signed, as we can see by checking the actual signatures: ``` ~ $ gpg --check-sigs pippo@pippo.com gpg: checking the trustdb gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 3 signed: 4 trust: 0-, 0q, 0n, 0m, 0f, 3u gpg: depth: 1 valid: 4 signed: 0 trust: 1-, 0q, 0n, 1m, 2f, 0u gpg: next trustdb check due at 2019-10-14 pub rsa3072 2018-02-07 [SC] [expires: 2020-02-07] FA4ED8C3A04FF4114D2F4879BE99372685E5B738 uid [ultimate] pippo <pippo@pippo.com> sig!3 BE99372685E5B738 2018-02-07 pippo <pippo@pippo.com> sig! 5A09B4576DE8080E 2018-02-07 Paride Legovini <pl@ninthfloor.org> uid [ultimate] [jpeg image of size 62522] sig!3 BE99372685E5B738 2018-02-07 pippo <pippo@pippo.com> sig! 5A09B4576DE8080E 2018-02-07 Paride Legovini <pl@ninthfloor.org> sub rsa3072 2018-02-07 [E] [expires: 2020-02-07] sig! BE99372685E5B738 2018-02-07 pippo <pippo@pippo.com> gpg: 5 good signatures ``` I think this issue is quite relevant, as it can lead to unwanted signatures, especially after keysigning events.

gpg's manpage says: > If the option --only-sign-text-ids is specified, then any non-text based user ids (e.g., photo IDs) will not be selected for signing. Well, let's try it on a brand new key I generated on purpose: ``` ~ $ gpg --edit-key pippo@pippo.com gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. sec rsa3072/BE99372685E5B738 created: 2018-02-07 expires: 2020-02-07 usage: SC trust: ultimate validity: ultimate ssb rsa3072/802DF18BADE59998 created: 2018-02-07 expires: 2020-02-07 usage: E [ultimate] (1). pippo <pippo@pippo.com> [ultimate] (2) [jpeg image of size 62522] gpg> sign --only-sign-text-ids Really sign all text user IDs? (y/N) y sec rsa3072/BE99372685E5B738 created: 2018-02-07 expires: 2020-02-07 usage: SC trust: ultimate validity: ultimate Primary key fingerprint: FA4E D8C3 A04F F411 4D2F 4879 BE99 3726 85E5 B738 pippo <pippo@pippo.com> [jpeg image of size 62522] This key is due to expire on 2020-02-07. Are you sure that you want to sign this key with your key "Paride Legovini <pl@ninthfloor.org>" (5A09B4576DE8080E) Really sign? (y/N) y gpg> q Save changes? (y/N) y ``` Note how after the `sign` command I'm asked if I want to sign all the **text** user IDs, as an effect of the `--only-sign-text-ids` option, but `[jpeg image of size 62522]` appears as a UID to be signed. And it is indeed signed, as we can see by checking the actual signatures: ``` ~ $ gpg --check-sigs pippo@pippo.com gpg: checking the trustdb gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 3 signed: 4 trust: 0-, 0q, 0n, 0m, 0f, 3u gpg: depth: 1 valid: 4 signed: 0 trust: 1-, 0q, 0n, 1m, 2f, 0u gpg: next trustdb check due at 2019-10-14 pub rsa3072 2018-02-07 [SC] [expires: 2020-02-07] FA4ED8C3A04FF4114D2F4879BE99372685E5B738 uid [ultimate] pippo <pippo@pippo.com> sig!3 BE99372685E5B738 2018-02-07 pippo <pippo@pippo.com> sig! 5A09B4576DE8080E 2018-02-07 Paride Legovini <pl@ninthfloor.org> uid [ultimate] [jpeg image of size 62522] sig!3 BE99372685E5B738 2018-02-07 pippo <pippo@pippo.com> sig! 5A09B4576DE8080E 2018-02-07 Paride Legovini <pl@ninthfloor.org> sub rsa3072 2018-02-07 [E] [expires: 2020-02-07] sig! BE99372685E5B738 2018-02-07 pippo <pippo@pippo.com> gpg: 5 good signatures ``` I think this issue is quite relevant, as it can lead to unwanted signatures, especially after keysigning events. Edit: I also noticed that `gpg --edit-key --only-sign-text-ids` has no effect, the `sign` command asks to sign all the UIDs: ``` ~ $ gpg --edit-key --only-sign-text-ids pippo@pippo.com [...] gpg> sign Really sign all user IDs? (y/N) ```

gpg's manpage says: > If the option --only-sign-text-ids is specified, then any non-text based user ids (e.g., photo IDs) will not be selected for signing. Well, let's try it on a brand new key I generated on purpose: ``` ~ $ gpg --edit-key pippo@pippo.com gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. sec rsa3072/BE99372685E5B738 created: 2018-02-07 expires: 2020-02-07 usage: SC trust: ultimate validity: ultimate ssb rsa3072/802DF18BADE59998 created: 2018-02-07 expires: 2020-02-07 usage: E [ultimate] (1). pippo <pippo@pippo.com> [ultimate] (2) [jpeg image of size 62522] gpg> sign --only-sign-text-ids Really sign all text user IDs? (y/N) y sec rsa3072/BE99372685E5B738 created: 2018-02-07 expires: 2020-02-07 usage: SC trust: ultimate validity: ultimate Primary key fingerprint: FA4E D8C3 A04F F411 4D2F 4879 BE99 3726 85E5 B738 pippo <pippo@pippo.com> [jpeg image of size 62522] This key is due to expire on 2020-02-07. Are you sure that you want to sign this key with your key "Paride Legovini <pl@ninthfloor.org>" (5A09B4576DE8080E) Really sign? (y/N) y gpg> q Save changes? (y/N) y ``` Note how after the `sign` command I'm asked if I want to sign all the **text** user IDs, as an effect of the `--only-sign-text-ids` option, but `[jpeg image of size 62522]` appears as a UID to be signed. And it is indeed signed, as we can see by checking the actual signatures: ``` ~ $ gpg --check-sigs pippo@pippo.com gpg: checking the trustdb gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 3 signed: 4 trust: 0-, 0q, 0n, 0m, 0f, 3u gpg: depth: 1 valid: 4 signed: 0 trust: 1-, 0q, 0n, 1m, 2f, 0u gpg: next trustdb check due at 2019-10-14 pub rsa3072 2018-02-07 [SC] [expires: 2020-02-07] FA4ED8C3A04FF4114D2F4879BE99372685E5B738 uid [ultimate] pippo <pippo@pippo.com> sig!3 BE99372685E5B738 2018-02-07 pippo <pippo@pippo.com> sig! 5A09B4576DE8080E 2018-02-07 Paride Legovini <pl@ninthfloor.org> uid [ultimate] [jpeg image of size 62522] sig!3 BE99372685E5B738 2018-02-07 pippo <pippo@pippo.com> sig! 5A09B4576DE8080E 2018-02-07 Paride Legovini <pl@ninthfloor.org> sub rsa3072 2018-02-07 [E] [expires: 2020-02-07] sig! BE99372685E5B738 2018-02-07 pippo <pippo@pippo.com> gpg: 5 good signatures ``` I think this issue is quite relevant, as it can lead to unwanted signatures, especially after keysigning events. Edit: I also noticed that `gpg --edit-key --only-sign-text-ids` has no effect, the `sign` command asks to sign all the UIDs: ``` ~ $ gpg --edit-key --only-sign-text-ids pippo@pippo.com [...] gpg> sign Really sign all user IDs? (y/N) ```