[kleopatra] [Bug 497886] Signature verification shows "certificate validity unknown" if only non-primary UID of signing key is trusted

Tilman Blumenbach bugzilla_noreply at kde.org
Fri Dec 27 21:31:11 GMT 2024 

https://bugs.kde.org/show_bug.cgi?id=497886

--- Comment #4 from Tilman Blumenbach <tilman at dataoverload.de> ---
(In reply to Ingo Klöcker from comment #2)
> Kleopatra doesn't evaluate anything about trust or validity. It just
> displays the result of the verification done by gpg.
> 
> What is the output for `gpg --verify --status-fd 2 ponymix-5.tar.xz.sig`?

Thanks for the response, and happy holidays! The output is:

-------------------
gpg: assuming signed data in 'ponymix-5.tar.xz'
[GNUPG:] NEWSIG
gpg: Signature made Mo 03 Okt 2016 20:13:57 CEST
gpg:                using RSA key 1EB2638FF56C0C53
[GNUPG:] KEY_CONSIDERED 487EACC08557AD082088DABA1EB2638FF56C0C53 0
[GNUPG:] SIG_ID AGt7anGLVsxlzpnHuteFJ7qu0mo 2016-10-03 1475518437
[GNUPG:] KEY_CONSIDERED 487EACC08557AD082088DABA1EB2638FF56C0C53 0
[GNUPG:] GOODSIG 1EB2638FF56C0C53 Dave Reisner <d at falconindy.com>
gpg: Good signature from "Dave Reisner <d at falconindy.com>" [unknown]
gpg:                 aka "Dave Reisner <dreisner at archlinux.org>" [full]
[GNUPG:] VALIDSIG 487EACC08557AD082088DABA1EB2638FF56C0C53 2016-10-03
1475518437 0 4 0 1 8 00 487EACC08557AD082088DABA1EB2638FF56C0C53
[GNUPG:] TRUST_FULLY 0 pgp
Primary key fingerprint: 487E ACC0 8557 AD08 2088  DABA 1EB2 638F F56C 0C53
-------------------

Note "TRUST_FULLY 0 pgp" which appears to indicate that the signing key is
fully valid.


(In reply to Ingo Klöcker from comment #3)
> By the way, the output of `gpg -k` already shows you that gpg doesn't
> consider the key as valid. The validity is listed as "undefined":
> ```
> pub   rsa2048 2011-06-25 [SC] [undefined]
> ```

That's just the key's ownertrust since I have set "list-options
show-ownertrust" in my GPG config (sorry, should've mentioned that).

The actual key validity for signature verification is, to my understanding,
displayed next to the UID -- and that's "full" for the secondary UID:

---------
uid           [ unknown] Dave Reisner <d at falconindy.com>
uid           [  full  ] Dave Reisner <dreisner at archlinux.org>
---------

-- 
You are receiving this mail because:
You are on the CC list for the bug.

More information about the Kdepim-bugs mailing list