Mailing List Archive: GnuPG: devel

empty trust field for --with-colons and CMS

Index | Next | Previous | View Threaded

bernhard at intevation

Aug 13, 2008, 5:16 AM

Post #1 of 5 (250 views)
Permalink

empty trust field for --with-colons and CMS

What does an empty second field for "crt" and "uid" --with-colons mean?

Current documentation
http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?rev=4811
does not seem to have a hint about this.

My problem is that I do get an extra warning when trying to encrypt
with a gpgme using application (Kontact enterprise35, see
compare kolab/issue2976 (Irritating trust warning when selecting keys for
encryption))

On the command line encryption works fine as it should.
The root cert is in there an trusted, also all CRLs are fine,
still

LANG=C gpgsm --with-colons --list-keys bernhard[at]intevation.de
BUG: trying to release an already released cert
/home/etch3/.gnupg/pubring.kbx
------------------------------
crt::2048:1:3B85F74F46C65E78:20080619T084325:20100619T084325:06::CN=ZS
8,O=Intevation GmbH,C=DE::escESC:
fpr:::::::::9CF8E2A00B1EE4BF02662A693B85F74F46C65E78:::0CBB157CBE5ACD8F343DBA0AEAE22FA0BD659BB2:
uid:::::::::CN=Bernhard Reiter,O=Intevation GmbH,C=DE::
uid:::::::::<bernhard[at]intevation.de>::
secmem usage: 0/16384 bytes in 0 blocks

The empty field seems to be undefined.
Gpgme will interpret this as GPGME_VALIDITY_UNKNOWN = 0.
It looks incorrect to me.
What am I missing?

Best,
Bernhard
--
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

Attachments:

smime.p7s (1.57 KB)

wk at gnupg

Aug 13, 2008, 5:59 AM

Post #2 of 5 (236 views)
Permalink

Re: empty trust field for --with-colons and CMS [In reply to]

On Wed, 13 Aug 2008 14:16, bernhard[at]intevation.de said:
> What does an empty second field for "crt" and "uid" --with-colons mean?

No validation has been done. If you try this on the command line, add
option --with-validation.

> LANG=C gpgsm --with-colons --list-keys bernhard[at]intevation.de
> BUG: trying to release an already released cert

That bug needs to be tracked down. Can you provide me a test case?

Shalom-Salam,

Werner

--
Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org

Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel[at]gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

bernhard at intevation

Aug 13, 2008, 6:55 AM

Post #3 of 5 (236 views)
Permalink

Re: empty trust field for --with-colons and CMS [In reply to]

On Wednesday 13 August 2008 14:59, Werner Koch wrote:
> On Wed, 13 Aug 2008 14:16, bernhard[at]intevation.de said:
> > What does an empty second field for "crt" and "uid" --with-colons mean?
>
> No validation has been done. If you try this on the command line, add
> option --with-validation.

No change, see below.
But this means that GPGME_VALIDITY_UNKNOWN that an application gets back
from gpgme is not a reason to warn before using a key?
What is the result if validation fails? UNDEFINED? NEVER?

LANG=C gpgsm --with-validation --with-colons --list-keys
bernhard[at]intevation.de
gpgsm: DBG: connection to dirmngr established
gpgsm[19687]: can't connect to `/home/etch3/.gnupg/S.gpg-agent': No such file
or directory
gpgsm: no running gpg-agent - starting one
gpgsm: DBG: connection to agent established
BUG: trying to release an already released cert
/home/etch3/.gnupg/pubring.kbx
------------------------------
crt::2048:1:3B85F74F46C65E78:20080619T084325:20100619T084325:06::CN=ZS
8,O=Intevation GmbH,C=DE::escESC:
fpr:::::::::9CF8E2A00B1EE4BF02662A693B85F74F46C65E78:::0CBB157CBE5ACD8F343DBA0AEAE22FA0BD659BB2:
uid:::::::::CN=Bernhard Reiter,O=Intevation GmbH,C=DE::
uid:::::::::<bernhard[at]intevation.de>::
secmem usage: 0/16384 bytes in 0 blocks

--
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

bernhard at intevation

Aug 13, 2008, 7:04 AM

Post #4 of 5 (236 views)
Permalink

Re: BUG: trying to release an already released cert (was: empty trust field for --with-colons and CMS) [In reply to]

On Wednesday 13 August 2008 14:59, Werner Koch wrote:
> > LANG=C gpgsm --with-colons --list-keys bernhard[at]intevation.de
> > BUG: trying to release an already released cert
>
> That bug needs to be tracked down. Can you provide me a test case?

I've tried, send it to you by personal email.

--
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

Attachments:

smime.p7s (1.57 KB)

wk at gnupg

Aug 13, 2008, 8:09 AM

Post #5 of 5 (234 views)
Permalink

Re: empty trust field for --with-colons and CMS [In reply to]

On Wed, 13 Aug 2008 15:55, bernhard[at]intevation.de said:

> LANG=C gpgsm --with-validation --with-colons --list-keys
> bernhard[at]intevation.de

> crt::2048:1:3B85F74F46C65E78:20080619T084325:20100619T084325:06::CN=ZS
> 8,O=Intevation GmbH,C=DE::escESC:

Okay, I fixed that in svn revision 4813.

For X.509 certificates an 'u' is used for a trusted root
certificate (i.e. for the trust anchor) and an 'f' for all
other valid certificates.

Salam-Shalom,

Werner

--
Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org

Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel[at]gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com