[gnutls-dev] OpenPGP Keys
Timo Schulz
twoaday at gmx.net
Thu Apr 19 11:02:14 CEST 2007
Ludovic Courtès wrote:
> refer to "signature packets" as found in a "transferable public key"?
> How does it differ from a "keyring"?
The trust db stores just the information about how much you trust a key,
or rather its owner. It does not contain any key data. OpenPGP applications
might also store this _in_ the keyring and there is no extra file for it.
> Then, what is "ownertrust" in RFC 2440 terms?
See above. In GPG it is a value from 1 to 5 answering the question:
"how far you trust the owner of the key to correctly verify other keys"
1 = don't know or won't say
2 = do not trust
3 = trust marginally
4 = trust fully
5 = trust ultimate
(5 is mostly useful for key pairs, other applications call it
"implicit trust")
I hope this explains the concept a little.
And I'm not exactly sure how the value is used in the OpenPGP
implementation of GnuTLS. Probably a generic check to verify
we have at least marginal trust for the peer key.
Timo