gnupg: Agent ISTRUSTED

 
 2.6.6 Importing a Root Certificate
 ----------------------------------
 
 Strictly speaking, we do not import a root certificate; instead we
 provide a way to validate any piece of data by storing its hash, along
 with a description and an identifier, in the PSE.  Here is the
 interface description:
 
          ISTRUSTED <fingerprint>
 
    Check whether the OpenPGP primary key or the X.509 certificate with
 the given fingerprint is an ultimately trusted key or a trusted Root CA
 certificate.  The fingerprint should be given as a hex string (without
 blanks, colons or any other separators in between) and may be left
 padded with 00 in case of an MD5 fingerprint.  gpg-agent will answer
 with:
 
          OK
 
    The key is in the table of trusted keys.
 
          ERR 304 (Not Trusted)
 
    The key is not in this table.
 
    Because gpg needs the entire list of trusted keys to maintain the web
 of trust, the following command is quite helpful:
 
          LISTTRUSTED
 
    gpg-agent returns the list of trusted keys line by line:
 
          S: D 000000001234454556565656677878AF2F1ECCFF P
          S: D 340387563485634856435645634856438576457A P
          S: D FEDC6532453745367FD83474357495743757435D S
          S: OK
 
    The first item on a line is the hex-encoded fingerprint, with MD5
 fingerprints left padded with '00'; the second item is a flag
 indicating the type of key (so that gpg can restrict itself to PGP
 keys).  P = OpenPGP, S = S/MIME.  A client should ignore the rest of
 the line, so that the format can be extended in the future.
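
 The following Python example is added here and is not code from GnuPG: it parses a LISTTRUSTED reply as described above, normalizes fingerprints the way ISTRUSTED expects them, and refuses a reply that does not end in OK. The function names, the `flag` parameter and the extra trailing field in the sample are assumptions made for the illustration; the `S: ` prefix is the transcript marker used on this page.

```python
import re

# Constructed sample: the reply shown above, with one extra trailing field
# added to exercise the "ignore the rest of the line" rule.
SAMPLE_REPLY = """\
S: D 000000001234454556565656677878AF2F1ECCFF P
S: D 340387563485634856435645634856438576457A P future-field
S: D FEDC6532453745367FD83474357495743757435D S
S: OK
"""

def normalize_fpr(text):
    """Drop blanks/colons, upper-case, left-pad an MD5 fingerprint with 00."""
    fpr = re.sub(r"[\s:]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]+", fpr) or len(fpr) not in (32, 40):
        raise ValueError("expected 32 or 40 hex digits: %r" % text)
    return fpr.rjust(40, "0")

def parse_listtrusted(reply):
    """Return {fingerprint: type flag}; raise unless the reply ends in OK."""
    trusted, done = {}, False
    for raw in reply.splitlines():
        line = raw.strip()
        if line.startswith("S: "):   # transcript marker used on this page
            line = line[3:]
        if not line:
            continue
        if done:
            raise ValueError("unexpected line after OK: %r" % raw)
        if line == "OK" or line.startswith("OK "):
            done = True
        elif line.startswith("D "):
            fields = line[2:].split()
            if len(fields) < 2:
                raise ValueError("malformed data line: %r" % raw)
            # Only fingerprint and flag are used; later fields are ignored.
            trusted[normalize_fpr(fields[0])] = fields[1]
        else:                        # ERR or anything else: fail closed
            raise ValueError("unexpected reply line: %r" % raw)
    if not done:
        raise ValueError("reply truncated: no final OK")
    return trusted

def is_trusted(trusted, fingerprint, flag="P"):
    """Local ISTRUSTED-style lookup, restricted to one key type (assumption)."""
    try:
        return trusted.get(normalize_fpr(fingerprint)) == flag
    except ValueError:
        return False
```

 Failing closed on a missing OK keeps a truncated or aborted reply from being treated as a complete, shorter trust list.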
 
    Finally a client should be able to mark a key as trusted:
 
         MARKTRUSTED FINGERPRINT "P"|"S"
 
    The server will then pop up a window to ask the user whether she
 really trusts this key.  To do so, it will probably inquire for the
 text to be displayed, like this:
 
         S: INQUIRE TRUSTDESC
         C: D Do you trust the key with the fingerprint @FPR@
         C: D bla fasel blurb.
         C: END
         S: OK
 
    Known sequences with the pattern @foo@ are replaced according to this
 table:
 
 '@FPR16@'
      Format the fingerprint according to gpg rules for v3 keys.
 '@FPR20@'
      Format the fingerprint according to gpg rules for v4 keys.
 '@FPR@'
      Choose an appropriate format to format the fingerprint.
 '@@'
      Replaced by a single '@'.