
File: gnupg.info,  Node: Agent ISTRUSTED,  Next: Agent GET_PASSPHRASE,  Prev: Agent EXPORT,  Up: Agent Protocol

2.6.6 Importing a Root Certificate
----------------------------------

Actually we do not import a root certificate but provide a way to
validate any piece of data by storing its hash along with a description
and an identifier in the PSE.  Here is the interface description:

         ISTRUSTED 

   Check whether the OpenPGP primary key or the X.509 certificate with
the given fingerprint is an ultimately trusted key or a trusted Root CA
certificate.  The fingerprint should be given as a hexstring (without
any blanks, colons or other separators in between) and may be left
padded with 00 in case of an MD5 fingerprint.  GpgAgent will answer with:

         OK

   The key is in the table of trusted keys.

         ERR 304 (Not Trusted)

   The key is not in this table.

   Gpg needs the entire list of trusted keys to maintain the web of
trust; the following command is therefore quite helpful:

         LISTTRUSTED

   GpgAgent returns a list of trusted keys line by line:

         S: D 000000001234454556565656677878AF2F1ECCFF P
         S: D 340387563485634856435645634856438576457A P
         S: D FEDC6532453745367FD83474357495743757435D S
         S: OK

   The first item on a line is the hexified fingerprint where MD5
fingerprints are '00' padded to the left and the second item is a flag
to indicate the type of key (so that gpg is able to only take care of
PGP keys).  P = OpenPGP, S = S/MIME. A client should ignore the rest of
the line, so that we can extend the format in the future.
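   A client-side reading of the two rules above (hexstring fingerprints
with MD5 left-padded by 00, and ignoring everything after the flag), as
an added example that is not part of the GnuPG documentation or source.
The function names are hypothetical, the input is assumed to be the
server lines with the "S: " transcript prefix already removed, and the
extra field on the second sample line is constructed:

```python
import re

HEX40 = re.compile(r"^[0-9A-F]{40}$")
MD5_PAD = "00" * 4  # a 16-byte MD5 fingerprint is left-padded to 20 bytes

def normalize_fingerprint(fpr: str) -> str:
    """Return the 40-digit hexstring: no blanks or colons, MD5 padded with 00."""
    hexstr = re.sub(r"[\s:]", "", fpr).upper()
    if re.fullmatch(r"[0-9A-F]{32}", hexstr):
        hexstr = MD5_PAD + hexstr
    if not HEX40.match(hexstr):
        raise ValueError(f"not a 16- or 20-byte fingerprint: {fpr!r}")
    return hexstr

def parse_listtrusted(lines):
    """Parse the server lines of a LISTTRUSTED reply into {fingerprint: flag}."""
    trusted = {}
    for line in lines:
        line = line.rstrip("\r\n")
        if line == "OK" or line.startswith("OK "):
            return trusted
        if line.startswith("ERR"):
            raise RuntimeError(f"agent error: {line}")
        if not line.startswith("D "):
            continue  # only data lines carry table entries
        fields = line[2:].split()  # fields after the flag are ignored
        if len(fields) < 2 or not HEX40.match(fields[0].upper()) or fields[1] not in ("P", "S"):
            raise ValueError(f"malformed trust entry: {line!r}")
        trusted[fields[0].upper()] = fields[1]
    # Without the final OK the table may be incomplete; do not use it.
    raise RuntimeError("reply ended without OK")

# Sample reply from the text above; the trailing field is constructed.
SAMPLE = [
    "D 000000001234454556565656677878AF2F1ECCFF P",
    "D 340387563485634856435645634856438576457A P extra-field",
    "D FEDC6532453745367FD83474357495743757435D S",
    "OK",
]

if __name__ == "__main__":
    table = parse_listtrusted(SAMPLE)
    print(sorted(f for f, flag in table.items() if flag == "P"))
```

   Looking a key up in the parsed table should go through
normalize_fingerprint first, so that a colon-separated MD5 fingerprint
matches its padded entry.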

   Finally a client should be able to mark a key as trusted:

        MARKTRUSTED FINGERPRINT "P"|"S"

   The server will then pop up a window to ask the user whether she
really trusts this key.  For this it will probably ask for a text to be
displayed like this:

        S: INQUIRE TRUSTDESC
        C: D Do you trust the key with the fingerprint @FPR@
        C: D bla fasel blurb.
        C: END
        S: OK

   Known sequences with the pattern @foo@ are replaced according to this
table:

'@FPR16@'
     Format the fingerprint according to gpg rules for v3 keys.
'@FPR20@'
     Format the fingerprint according to gpg rules for v4 keys.
'@FPR@'
     Choose an appropriate format to format the fingerprint.
'@@'
     Replaced by a single '@'.
