AW: How does trust work?

Rich Bodo rsb@ostel.com
Fri, 25 Aug 2000 05:16:41 -0700 (PDT)



>
> If you *really* did all the things you described, and Jim signed his
> communication keys with his auth key, then the comm keys should get
> accepted, I think. Have you tried gpg --check-sigs on both keys?
> Does gpg --edit-key <auth-key> list the trust as "f/f"?
>
Thanks for the reply. I really did all the things I said (sign, add, trust, update, add, update, etc.). I think the path of trust should be complete as well, although I think my logic in my last e-mail was flawed. I assumed that who owns a key matters, and now I think it doesn't. All that matters is that there is a "path of signatures" leading back to my key. I think the path of signatures here is complete, but gpg claims there is not enough info to evaluate trust of my friend's comm-key.

This is what --check-sigs and --edit-key reveal. ID1 is his auth-key, ID2 is his comm-key, ID3 is his comm-sub-key, and ID4 is my key ID. The IDs 0, -1 and -2 are older keys used by the same individual.

gpg --check-sigs Jim@Jim.com

pub  1024D/ID0 1999-09-05 Jim Smith <Jim@Jim.com>
sig!       ID-1 1999-09-05  Jim Smith <Jim@Jim.com>
sub  2048g/ID-2 1999-09-05
sig!       ID-1 1999-09-05  Jim Smith <Jim@Jim.com>

pub  1024D/ID2 2000-08-10 Jim Smith <Jim@Jim.com>
sig!       ID2 2000-08-10  Jim Smith <Jim@Jim.com>
sig!       ID1 2000-08-11  Jim Smith <Jim@Jim.com>
sub  4096g/ID3 2000-08-10 [expires: 2001-02-06]
sig!       ID2 2000-08-10  Jim Smith <Jim@Jim.com>

pub  1024D/ID1 2000-02-13 Jim Smith <Jim@Jim.com>
sig!       ID1 2000-02-13  Jim Smith <Jim@Jim.com>
sig!       ID4 2000-08-19  Rich Bodo <rsb@ostel.com>

gpg --edit-key ID1

pub  1024D/ID1  created: 2000-02-13 expires: never      trust: f/f
(1)  Jim Smith <Jim@Jim.com>

gpg --edit-key ID2

pub  1024D/ID2  created: 2000-08-10 expires: 2001-02-06 trust: -/q
sub  4096g/ID3  created: 2000-08-10 expires: 2001-02-06
(1)  Jim Smith <Jim@Jim.com>

gpg --edit-key ID4

Secret key is available.

pub  1024D/ID4  created: 1999-10-26 expires: never      trust: -/u
sub  1024g/ID5  created: 1999-10-26 expires: never
(1)  Rich Bodo <rsb@ostel.com>

The two things that look suspicious here are that I have an old key of his, and my own keys have no ownertrust assigned. I don't think the old key should matter whatsoever. That my own key has no ownertrust assigned is a surprise.

O.K. I guess having the secret key in my secret keyring doesn't mean that I trust the owner. I'm sure there is a good reason for that, I just can't fathom it right now. Let's see what happens when I mark my own public key as full/ultimate trust...NOPE :(. GPG still tells me there is no path when I try to encrypt.

Here is the command I use:

gpg -o gpgfile -se -r ID2 clearfile

And here is the error I get:

No path leading to one of our keys found.

4096g/ID3 2000-08-10 "Jim Smith <Jim@Jim.com>"
             Fingerprint: blah blah blah

It is NOT certain that the key belongs to its owner.
If you *really* know what you are doing, you may answer
the next question with yes

So I answer no.

Well, some new info, if no new solution. If anyone sees an obvious mistake, please let me know.

-Rich
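The "path of signatures" question in the message above, as an added example that is not part of the original post and is not GnuPG's own code: a simplified model of the classic web-of-trust rule run over a signature listing built from the placeholder IDs in the message. The function names are hypothetical, and the thresholds (one fully trusted signer or three marginally trusted signers, depth limit 5) are assumed to be GnuPG's default settings.

```python
import re

# Added example: simplified classic web-of-trust model, not GnuPG's trustdb code.
# Constructed sample input in the shape of `gpg --check-sigs` output, using the
# placeholder key IDs from the message (ID1 auth key, ID2 comm key, ID4 own key).
LISTING = """\
pub  1024D/ID2 2000-08-10 Jim Smith <Jim@Jim.com>
sig!       ID2 2000-08-10  Jim Smith <Jim@Jim.com>
sig!       ID1 2000-08-11  Jim Smith <Jim@Jim.com>
sub  4096g/ID3 2000-08-10
sig!       ID2 2000-08-10  Jim Smith <Jim@Jim.com>
pub  1024D/ID1 2000-02-13 Jim Smith <Jim@Jim.com>
sig!       ID1 2000-02-13  Jim Smith <Jim@Jim.com>
sig!       ID4 2000-08-19  Rich Bodo <rsb@ostel.com>
"""

def parse_sigs(listing):
    """Map each primary key ID to the other keys with a good (sig!) signature on it."""
    signers, current, in_sub = {}, None, False
    for line in listing.splitlines():
        m = re.match(r"(pub|sub)\s+\w+/(\S+)", line)
        if m:
            in_sub = m.group(1) == "sub"   # subkey binding sigs carry no trust
            if not in_sub:
                current = m.group(2)
                signers[current] = set()
            continue
        m = re.match(r"sig!\s+(\S+)", line)
        if m and current and not in_sub and m.group(1) != current:
            signers[current].add(m.group(1))   # self-signatures are skipped
    return signers

def valid_keys(signers, ownertrust, ultimate, full_needed=1, marginal_needed=3, max_depth=5):
    """Return {key ID: depth} for keys reachable from the ultimately trusted keys."""
    valid = {k: 0 for k in ultimate}
    for depth in range(1, max_depth + 1):
        newly = {}
        for key, sigs in signers.items():
            if key in valid:
                continue
            usable = [s for s in sigs if s in valid]   # only valid signers count
            full = sum(ownertrust.get(s) in ("f", "u") or s in ultimate for s in usable)
            marginal = sum(ownertrust.get(s) == "m" for s in usable)
            if full >= full_needed or marginal >= marginal_needed:
                newly[key] = depth
        if not newly:
            break
        valid.update(newly)
    return valid
```

In this model, `valid_keys(parse_sigs(LISTING), {"ID1": "f"}, {"ID4"})` marks ID2 valid at depth 2, while leaving ID1 without ownertrust stops the chain at ID1.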