Gnupg-users Digest, Vol 99, Issue 15

John A. Wallace jw72253 at verizon.net
Thu Dec 29 19:01:15 CET 2011


> Message: 6
> Date: Thu, 29 Dec 2011 04:04:15 +0100
> From: Jerome Baum <jerome at jeromebaum.com>
> To: gnupg-users at gnupg.org
> Subject: Re: --trusted-key
> Message-ID: <4EFBD8AF.9080108 at jeromebaum.com>
> Content-Type: text/plain; charset="utf-8"
> 
> 
> > Finally, (and this part may very well
> > relate to my lack of fully understanding the trust procedures) would I be
> > specifying an ID in "--trusted-key long key ID" for a key that is one of
> > mine? If so, why would I need one of "my" keys, as the definition states, in
> > order "...to check the validity of a given recipient's or signator's key"?
> > I know I must be missing some critical point ----> woosh!  Thanks.
> 
> Yes, just like in my example, you would usually specify the ID of one of
> your own keys.
> 
> So say I've certified your key with my 215236DA. That key is not on this
> machine, but I'd like my gnupg to consider your email signatures valid.
> What I'm telling gnupg is that 215236DA is my own key, so any other key
> that is certified by 215236DA must be valid (presumably because I
> personally checked this before certifying).
> 
> trusted-key is really there for the above scenario -- it is my key, but
> it isn't on this computer, so gnupg can't know unless I tell it. There's
> basically not much more to it.*

That is now clear for me.  Thanks.  I believe the part that threw me off was
that I apparently misunderstood where the trust components resided.  I
thought that, because the trust was maintained in your database
independently of the keys themselves, the presence of the database on your
machine would have sufficed to carry the weight of the trusted key that was
not present.  I suppose now that this component of trust, using the command
"--trusted-key", has been manually inserted into the present database as it
was not relocated in some way on to the present machine without the trusted
key from which it was derived.  The trust components and interplay are
something I obviously need to continue studying.
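
The scenario from the quoted reply, reproduced with throwaway keys as an added example (it is not part of either message): a certification made on one machine only counts on a second machine once `--trusted-key` names the certifying key there. The identities, the temporary directories and the helper names `g`, `new_key` and `validity` are made up for the demonstration, and GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Constructed demo: both identities and all temporary directories are made up.
# Assumes GnuPG 2.1+ (uses --quick-generate-key and --quick-sign-key).
set -eu

TMP=$(mktemp -d)
MINE="$TMP/mine" THEIRS="$TMP/theirs" OTHER="$TMP/other"   # three separate "machines"
mkdir -m 700 "$MINE" "$THEIRS" "$OTHER"

# Run gpg non-interactively against one homedir.
g() { home=$1; shift; gpg --homedir "$home" --batch --quiet --no-tty "$@"; }

# Create a passphrase-less test key for user ID $2 and print its fingerprint.
new_key() {
  g "$1" --passphrase '' --quick-generate-key "$2" default default never >/dev/null
  g "$1" --with-colons --list-keys "$2" | awk -F: '/^fpr/ {print $10; exit}'
}

# Print the calculated validity of key $2 in homedir $1 (field 2 of the pub
# record: "-" unknown, "f" full, "u" ultimate). Extra gpg options may follow.
validity() {
  home=$1 fpr=$2; shift 2
  g "$home" "$@" --with-colons --list-keys "$fpr" | awk -F: '/^pub/ {print $2; exit}'
}

MY_FPR=$(new_key "$MINE" "Me <me@example.org>")
THEIR_FPR=$(new_key "$THEIRS" "Correspondent <them@example.org>")

# Certify the correspondent's key on the machine that holds my secret key.
g "$THEIRS" --export "$THEIR_FPR" | g "$MINE" --import
g "$MINE" --yes --quick-sign-key "$THEIR_FPR"

# The other machine receives public keys only: no secret key, no trustdb.
g "$MINE" --export "$MY_FPR" "$THEIR_FPR" | g "$OTHER" --import

MY_LONG_ID=$(printf '%s' "$MY_FPR" | tail -c 16)   # long key ID = last 16 hex digits
BEFORE=$(validity "$OTHER" "$THEIR_FPR")
AFTER=$(validity "$OTHER" "$THEIR_FPR" --trusted-key "$MY_LONG_ID")
echo "without --trusted-key: $BEFORE   with --trusted-key $MY_LONG_ID: $AFTER"

# Stop the per-homedir daemons gpg started, then remove the test directories.
for h in "$MINE" "$THEIRS" "$OTHER"; do gpgconf --homedir "$h" --kill all || true; done
rm -rf "$TMP"
```

The certification travels with the exported public key, so it is already present on the second machine before the option is given; what changes is whether gpg has any reason to believe the key that made it.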
 




