Comments (9)
frntn
commented on May 14, 2024
2
Using a script to automate a relevant web of trust with all possible validity values, I have confirmed that gopass init will show you the keys with ultimate, full or marginal validity and NOT those with unknown or undefined validity
validity is computed based on a combination of signing trust, signing distance and signing count while trust is manually set by the keyring owner.
The only trust value that will automatically update the validity of itself is ultimate
So if you have imported your key (from keybase for example) then you must edit the trust value so the validity can be computed accordingly.
Also note the following :
- Generated keys (
gpg --gen-key) will always have aultimatevalidity, because the trust value is automatically set toultimate - Imported keys (
gpg --import) will almost everytime have anunknownvalidity, because the trust value isunknown. If the key is yours, it must be edited (gpg --edit-key [email protected] trust quit), if it's not yours but want the system to consider it valid, it must be signed (gpg --edit-key [email protected] lsign quit)
TLDR
There is NO issue here.
Just trust your imported key so it is considered valid
from gopass.
switchtrue
commented on May 14, 2024
2
Sorry for taking so long to reply I've only just found a chance to try again. I couldn't get it working by generating a key with the defaults. However, I modified the key with gpg --edit-key as per @frntn screencast and its now working perfectly. Thanks for your time.
from gopass.
frntn
commented on May 14, 2024
1
Hello,
I stumbled upon this bug too.
After some tests, I believe the issue is on the key validity [1] [2].
Here is an asciinema record to show some valid and invalid tust/validity : https://asciinema.org/a/5g77rduux3c9tc801potfc54k?autoplay=1&speed=7
TLDR :
- unknown/unknown => NOT OK
- full/unknown => NOT OK
- ultimate/ultimate => OK
I haven't tried all possible trust/validity combinations because it requires complex scenario with multiple signing identities.
Hope this helps anyway.
from gopass.
metalmatze
commented on May 14, 2024
hmm. I just created and then edited a key to have no expiration date. So far it works for me, without any issues whatsoever. Maybe a few more details on how to reproduce this would be helpful, thanks!
from gopass.
dominikschulz
commented on May 14, 2024
To the best of my understading we are correctly handling trust/validity of keys.
For GPG to accept a recipients public key it must at least have marginal validity. If you import a secret key it has no validity. See 1 and 2.
I've tried to reproduce the issue using your (very cool!) screencast, but for using an exported/imported secret key with ultimate/unknown worked perfectly well.
from gopass.
frntn
commented on May 14, 2024
Yes this may just be a documentation issue.
How did you manage to get ultimate/unknown ?
Everytime I ultimately trusted a key, validity was automatically set to ultimate too...
from gopass.
dominikschulz
commented on May 14, 2024
Great summary, thank you!
from gopass.
dominikschulz
commented on May 14, 2024
Awesome, thanks for sharing your solution.
from gopass.
espoelstra
commented on May 14, 2024
from gopass.
Related Issues (20)
- `gopass setup`: inconsistent behaviour and merge failure because of "unrelated histories" HOT 2
- gopass generate -g xkdc now fails if no language is set in config. HOT 1
- Feature Request: Wizard type multiline / editor HOT 4
- "Failed to check environment" & "Failed to list store" after fresh install HOT 1
- panic: runtime error: invalid memory address or nil pointer dereference HOT 3
- Feature Request: Ignoring passwords in the audit feature HOT 3
- gopass attempts to make GPG key despite there being one already HOT 3
- Feature request: configuration option to disable logo in notification HOT 4
- setup creates new branch in existing store
- audit /audit summary is broken/regressed HOT 4
- [FR] In a `gopass create` template, how do I specify that password should not be generated?
- Public keys are not exported into mounted stores HOT 5
- The same recipient can be added several times HOT 1
- gopass audit: checks still report as failure
- Gopass does not consistently respect upper and lowercase in secret names / Git commit fails if secret exists in different case HOT 3
- Windows Defender detects 1.15.12 as malware HOT 4
- [FR] Provide a log option to create sanitized logs suitable for sharing
- gopass not picking tmp dir location from ENV variable. Can't see a config option neither. HOT 3
- Confusing "need to unlock" message during setup
- deb package doesn't come with completions or a man page HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gopass.