[PATCH] gpg: Exclude revoked UTKs from the key validation process.

Glop glopglop at riseup.net
Sun Jun 7 18:36:53 CEST 2026


* g10/trustdb.c (validate_keys): Remove revoked keys from the UTK list.
--

Along the lines of commit 19f2f00bfd30ca2389318d11047346a5ade95e75
for expired keys, revoked ultimately trusted keys should not be used
for trust computation.

Signed-off-by: Glop <glopglop at riseup.net>
---

Hello all,

It seems to me that there is an issue in the key validation process
when an ultimately trusted key is revoked: while I would expect the
revoked key (and its signatures) to become untrusted after revocation,
it doesn't seem to be the case, and its signatures on other keys are
still taken into account when computing their validity.

In order to reproduce this:
1. Generate a new public/secret key pair (say, MyKey).
2. Import a new public key in the keyring (say, OtherKey).
3. Sign OtherKey using MyKey.
4. Check that OtherKey has now `full` validity.
5. Revoke MyKey.
6. Run `gpg --check-trustdb` to forcefully update the trust DB.
7. Check the validity of OtherKey: it still shows `full`, while
   it should in fact be `unknown`, since MyKey's signature should
   not be trusted anymore.

I tried this on the GnuPG 2.4 and 2.5 branches, and both are impacted.

From what I could test, the attached patch (adapted from 19f2f00bfd)
fixed this. I hope this will help :)

Thank you very much!

Glop

 g10/trustdb.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/g10/trustdb.c b/g10/trustdb.c
index 9c26a8336..f6bbc8cb6 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -2253,6 +2253,13 @@ validate_keys (ctrl_t ctrl, int interactive)
                       keystr(k->kid));
           continue;
         }
+      if (pk->flags.revoked)
+        {
+          if (!opt.quiet)
+            log_info (_("Note: ultimately trusted key %s revoked\n"),
+                      keystr(k->kid));
+          continue;
+        }
 
       {
         struct key_item *ki = copy_key_item (k);
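Review bot: the new branch at `+      if (pk->flags.revoked)` is a line-for-line copy of the expired-key branch whose tail (`keystr(k->kid)); continue; }`) forms the context just above it, differing only in the log string; consider folding the two into one test such as `if (pk->flags.expired || pk->flags.revoked)` and picking the word for the message from the flag, so the two conditions cannot drift apart in later edits. Two things the hunk does not show and a reviewer should confirm: that `pk` has had its self-signatures merged by the time this check runs, so that `flags.revoked` is actually populated for a revoked primary key, and that skipping the only remaining UTK via `continue` still causes the validity previously computed through that key to be recomputed rather than left as-is in the trust DB (the reporter's step 7 depends on this). Since the commit message cites 19f2f00bfd for the expired case, a matching regression test and a NEWS line for the revoked case would round the patch off; the steps in the mail are simple enough to script.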
-- 
2.54.0
