[gnutls-dev] OpenPGP Keys

Timo Schulz twoaday at gmx.net
Thu Apr 19 11:02:14 CEST 2007

Ludovic Courtès wrote:

> refer to "signature packets" as found in a "transferable public key"?
> How does it differ from a "keyring"?

The trust db stores just the information how much you trust a key or
better its owner. It does not contain any key data. OpenPGP applications
might also store this _in_ the keyring and there is no extra file for it.

> Then, what is "ownertrust" in RFC 2440 terms?

See above. In GPG it is a value from 1 to 5 to the question:

"how far you trust the owner of the key to correctly verify other keys"

1 = don't know or won't say
2 = do not trust
3 = trust marginally
4 = trust fully
5 = trust ultimate

(5 is mostly useful for key pairs, other applications call it
 "implicit trust")

I hope this explains the concept a little.

And I'm not exactly sure how the value is used in the openpgp
implementation of GnuTLS. Probably a generic check to verify
we have at least marginal trust for the peer key.


More information about the Gnutls-devel mailing list