Addresses issue 445 #464

forbytten · 2024-11-21T05:32:18Z

Hi drduh,

Please consider this proposal to address Missing section for adding uids.

Debian Live version tested:

009f482430b8505bba8099aeac3f59eab92ddfa30ae8910d6293f7e198194bad24fa625fcfa38813e6e25b2b7502a542fa04af4e4c2a52376c36162fea8debf7  debian-live-12.8.0-amd64-gnome.iso

user@debian:~$ cat /etc/os-release                                                                                                                                                                                                                                                                                                                       
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"                                                                                                                                                                                                                                                                                                             
NAME="Debian GNU/Linux"                                                                                                                                                                                                                                                                                                                                  
VERSION_ID="12"                                                                                                                                                                                                                                                                                                                                          
VERSION="12 (bookworm)"                                                                                                                                                                                                                                                                                                                                  
VERSION_CODENAME=bookworm                                                                                                                                                                                                                                                                                                                                
ID=debian                                                                                                                                                                                                                                                                                                                                                
HOME_URL="https://www.debian.org/"                                                                                                                                                                                                                                                                                                                       
SUPPORT_URL="https://www.debian.org/support"                                                                                                                                                                                                                                                                                                             
BUG_REPORT_URL="https://bugs.debian.org/"                                                                                                                                                                                                                                                                                                                
IMAGE_ID=live                                                                                                                                                                                                                                                                                                                                            
BUILD_ID=20241109T101058Z

Example run:

user@debian:~$ declare -a additional_uids                                                                                                                                                                                                                                                                                                                
user@debian:~$ additional_uids=("Super Cool YubiKey 2024" "uid 1 <[email protected]>")                                                                                                                                                                                                                                                                    
user@debian:~$ for uid in "${additional_uids[@]}" ; do \                                                                                                                                                                                                                                                                                                 
    echo "$CERTIFY_PASS" | gpg --batch --passphrase-fd 0 --pinentry-mode=loopback --quick-add-uid "$KEYFP" "$uid"                                                                                                                                                                                                                                        
done

# Confirm the added uids start as "unknown" trust.                                                                                                                                                                                                                                                                                                                                                     
user@debian:~$ gpg -K                                                                                                                                                                                                                                                                                                                                    
/tmp/gnupg-2024-11-21-REDACTED/pubring.kbx                                                                                                                                                                                                                                                                                                               
--------------------------------------------                                                                                                                                                                                                                                                                                                             
sec   rsa4096/REDACTED 2024-11-21 [C]                                                                                                                                                                                                                                                                                                                    
      Key fingerprint = REDACTED                                                                                                                                                                                                                                                                                                                         
uid                   [ unknown] uid 1 <[email protected]>                                                                                                                                                                                                                                                                                                
uid                   [ultimate] My Cool YubiKey - 2024                                                                                                                                                                                                                                                                                                  
uid                   [ unknown] Super Cool YubiKey 2024                                                                                                                                                                                                                                                                                                 
                                                                                                                                                                                                                                                                                                                                                         
user@debian:~$ gpg --command-fd=0 --pinentry-mode=loopback --edit-key "$KEYID" <<EOF                                                                                                                                                                                                                                                                     
uid *                                                                                                                                                                                                                                                                                                                                                    
trust                                                                                                                                                                                                                                                                                                                                                    
5                                                                                                                                                                                                                                                                                                                                                        
y                                                                                                                                                                                                                                                                                                                                                        
save                                                                                                                                                                                                                                                                                                                                                     
EOF                                                                                                                                                                                                                                                                                                                                                      
Secret key is available.                                                                                                                                                                                                                                                                                                                                 
                                                                                                                                                                                                                                                                                                                                                         
sec  rsa4096/REDACTED                                                                                                                                                                                                                                                                                                                                    
     created: 2024-11-21  expires: never       usage: C                                                                                                                                                                                                                                                                                                  
     trust: ultimate      validity: ultimate                                                                                                                                                                                                                                                                                                             
[ unknown] (1). uid 1 <[email protected]>                                                                                                                                                                                                                                                                                                                 
[ultimate] (2)  My Cool YubiKey - 2024                                                                                                                                                                                                                                                                                                                   
[ unknown] (3)  Super Cool YubiKey 2024                                                                                                                                                                                                                                                                                                                  
                                                                                                                                                                                                                                                                                                                                                         
                                                                                                                                                                                                                                                                                                                                                         
sec  rsa4096/REDACTED                                                                                                                                                                                                                                                                                                                                    
     created: 2024-11-21  expires: never       usage: C                                                                                                                                                                                                                                                                                                  
     trust: ultimate      validity: ultimate                                                                                                                                                                                                                                                                                                             
[ unknown] (1)* uid 1 <[email protected]>                                                                                                                                                                                                                                                                                                                 
[ultimate] (2)* My Cool YubiKey - 2024                                                                                                                                                                                                                                                                                                                   
[ unknown] (3)* Super Cool YubiKey 2024                                                                                                                                                                                                                                                                                                                  
                                                                                                                                                                                                                                                                                                                                                         
sec  rsa4096/REDACTED                                                                                                                                                                                                                                                                                                                                    
     created: 2024-11-21  expires: never       usage: C                                                                                                                                                                                                                                                                                                  
     trust: ultimate      validity: ultimate                                                                                                                                                                                                                                                                                                             
[ unknown] (1)* uid 1 <[email protected]>                                                                                                                                                                                                                                                                                                                 
[ultimate] (2)* My Cool YubiKey - 2024                                                                                                                                                                                                                                                                                                                   
[ unknown] (3)* Super Cool YubiKey 2024                                                                                                                                                                                                                                                                                                                  
                                                                                                                                                                                                                                                                                                                                                         
Please decide how far you trust this user to correctly verify other users' keys                                                                                                                                                                                                                                                                          
(by looking at passports, checking fingerprints from different sources, etc.)                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                         
  1 = I don't know or won't say                                                                                                                                                                                                                                                                                                                          
  2 = I do NOT trust                                                                                                                                                                                                                                                                                                                                     
  3 = I trust marginally                                                                                                                                                                                                                                                                                                                                 
  4 = I trust fully                                                                                                                                                                                                                                                                                                                                      
  5 = I trust ultimately                                                                                                                                                                                                                                                                                                                                 
  m = back to the main menu                                                                                                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                                                                                                                                         
                                                                                                                                                                                                                                                                                                                                                         
sec  rsa4096/REDACTED                                                                                                                                                                                                                                                                                                                                    
     created: 2024-11-21  expires: never       usage: C                                                                                                                                                                                                                                                                                                  
     trust: ultimate      validity: ultimate                                                                                                                                                                                                                                                                                                             
[ unknown] (1)* uid 1 <[email protected]>                                                                                                                                                                                                                                                                                                                 
[ultimate] (2)* My Cool YubiKey - 2024                                                                                                                                                                                                                                                                                                                   
[ unknown] (3)* Super Cool YubiKey 2024                                                                                                                                                                                                                                                                                                                  
                                                                                                                                                                                                                                                                                                                                                         
Key not changed so no update needed. 

# Confirm the uids are now ultimately trusted.                                                                                                                                                                                                                                                                                                               
user@debian:~$ gpg -K                                                                                                                                                                                                                                                                                                                                    
gpg: checking the trustdb                                                                                                                                                                                                                                                                                                                                
gpg: marginals needed: 3  completes needed: 1  trust model: pgp                                                                                                                                                                                                                                                                                          
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u                                                                                                                                                                                                                                                                                    
/tmp/gnupg-2024-11-21-REDACTED/pubring.kbx                                                                                                                                                                                                                                                                                                               
--------------------------------------------                                                                                                                                                                                                                                                                                                             
sec   rsa4096/REDACTED 2024-11-21 [C]                                                                                                                                                                                                                                                                                                                    
      Key fingerprint = REDACTED                                                                                                                                                                                                                                                                                                                         
uid                   [ultimate] uid 1 <[email protected]>                                                                                                                                                                                                                                                                                                
uid                   [ultimate] My Cool YubiKey - 2024                                                                                                                                                                                                                                                                                                  
uid                   [ultimate] Super Cool YubiKey 2024

Addresses [Missing section for adding uids](drduh#445)

33f5727

forbytten mentioned this pull request Nov 21, 2024

Missing section for adding uids #445

Open

Fixed formatting to conform to existing conventions

7d08261

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Addresses issue 445 #464

Addresses issue 445 #464

forbytten commented Nov 21, 2024

Addresses issue 445 #464

Are you sure you want to change the base?

Addresses issue 445 #464

Conversation

forbytten commented Nov 21, 2024