7.5.11 Changing TOFU Data

The OpenPGP engine features a Trust-On-First-Use (TOFU) key validation model. For resolving conflicts it is necessary to declare the policy for a key. See the GnuPG manual for details on the TOFU implementation.

Data type: enum gpgme_tofu_policy_t

SINCE: 1.7.0

The gpgme_tofu_policy_t type specifies the set of possible policy values that are supported by GPGME:

GPGME_TOFU_POLICY_AUTO

Set the policy to “auto”.

GPGME_TOFU_POLICY_GOOD

Set the policy to “good”.

GPGME_TOFU_POLICY_BAD

Set the policy to “bad”.

GPGME_TOFU_POLICY_ASK

Set the policy to “ask”.

GPGME_TOFU_POLICY_UNKNOWN

Set the policy to “unknown”.

To change the policy for a key the following functions can be used:

Function: gpgme_error_t gpgme_op_tofu_policy (gpgme_ctx_t ctx, const gpgme_key_t key, gpgme_tofu_policy_t policy)

SINCE: 1.7.0

The function gpgme_op_tofu_policy changes the TOFU policy of key. The valid values for policy are listed above. As of now this function does only work for OpenPGP and requires at least version 2.1.10 of GnuPG.

The function returns zero on success, GPG_ERR_NOT_SUPPORTED if the engine does not support the command, or a bunch of other error codes.

Function: gpgme_error_t gpgme_op_tofu_policy_start (gpgme_ctx_t ctx, const gpgme_key_t key, gpgme_tofu_policy_t policy)

SINCE: 1.7.0

The function gpgme_op_tofu_policy_start initiates a gpgme_op_tofu_policy operation. It can be completed by calling gpgme_wait on the context. See Waiting For Completion.

The function returns 0 if the operation was started successfully, and an error code if one of the arguments is not valid or the oepration could not be started.