Newbie -> trusting public key via batch method

Volker Gaibler volker.gaibler@urz.uni-heidelberg.de
Tue Feb 11 16:14:01 2003


Hello Steve,

On Mon, Feb 10, 2003 at 07:50:53PM -0800, Steve Kwong wrote:
> I am trying to sign and encrypt a file using a public key which I have
> imported.  However, I am prompted about the trust-worthiness of the public
> key.  Is there a way to import a public key and place trust on it without
> interactively editing the public key (gpg --edit-key <name>  ; trust ; 5)

I guess that this isn't a problem about ownertrust as set in
--edit-key because the ownertrust (shown in --edit-key <name> as the
first value of "x/y") is about the trust in the owner only to sign keys
he checked carefully. This is not about the question if the key is valid
or not. 

Just as an example: You've got my key in your keyring, downloaded from a
keyserver, so you don't know if that's really MY key or a forged one. To
make the key trusted, one way is to check the fingerprint in direct
contact with me (fingerprint of the key in your keyring should be
identical to the fingerprint the real owner, me, tells you). Then you
know that the key is valid and you sign (or lsign) it by --edit-key
volker sign ("sign" means you testify that you checked the key carefully
to belong to the stated owner). In your case this would probably be the
solution you're looking for. Use "lsign" if you don't want your
signature on the key ever to be exported, e.g. in case you didn't check
it carefully enough but still want to see it valid at your own risk.

If you assign full ownertrust to me, using --edit-key volker trust 4, 
all keys I signed will be trusted if my key in your keyring is signed by
you. The ownertrust just says how trustworthy somebody is to correctly
introduce you to other people (how trustworthy I am to check my
signatures carefully). The web of trust is built with this ownertrust
and can help you make more keys valid indirectly, but you don't have to
use it because you can also just rely on signing keys after checking
them personally.

> such that when I try to use the key, I won't have to answer the prompt.

So use --edit-key <name> lsign.

By the way: Please don't steal threads, i.e. "reply" to other mails,
change the subject and ask about other things but start a new thread via
"send mail to" or something like that.

Volker




--
 http://www.volker-gaibler.de                   mail@volker-gaibler.de
 OpenPGP key: 0x86ECAC0B
 get my public key from website above 
+---------------------------------------------------------------------+
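
Added example, not part of the original message and not GnuPG's own code: a batch form of the check-the-fingerprint-then-lsign step described in the reply above. It assumes GnuPG 2.1 or later (for `--quick-lsign-key`) and a fingerprint obtained from the key owner out of band; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a fingerprint, then lsign, without the --edit-key menu.
# Assumes GnuPG 2.1+ (--quick-lsign-key). All function names are hypothetical.

# Constructed sample of `gpg --with-colons --fingerprint` output (not a real key).
SAMPLE_LISTING='pub:-:2048:1:89ABCDEF01234567:1044000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1044000000::::Example User <user@example.org>:
sub:-:2048:1:76543210FEDCBA98:1044000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Strip spaces/colons and upper-case, so "0123 4567 ..." compares cleanly.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# Print the primary key fingerprint: first "fpr" record after a "pub" record
# (field 10). Subkey fingerprints follow "sub" records and are ignored.
primary_fpr() {
    awk -F: '$1 == "pub" { p = 1; next }
             $1 == "sub" { p = 0 }
             p && $1 == "fpr" { print $10; exit }'
}

# fpr_matches LISTING EXPECTED: succeed only if the primary fingerprint in
# LISTING equals the fingerprint the owner gave you out of band.
fpr_matches() {
    got=$(printf '%s\n' "$1" | primary_fpr)
    want=$(normalize_fpr "$2")
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# lsign_if_verified KEYFILE EXPECTED_FPR: import, compare, then local-sign.
lsign_if_verified() {
    want=$(normalize_fpr "$2")
    gpg --batch --import "$1" || return 2
    listing=$(gpg --batch --with-colons --fingerprint "$want") || return 2
    if ! fpr_matches "$listing" "$want"; then
        echo "fingerprint mismatch, key not signed" >&2
        return 1
    fi
    # Local (non-exportable) signature, as the reply recommends.
    gpg --batch --yes --quick-lsign-key "$want"
}

# Usage: lsign_if_verified recipient.asc '0123 4567 89AB ...'
```

Importing alone does not make the key valid; the key is only signed when the out-of-band fingerprint matches the primary key, so a subkey fingerprint or a look-alike key is refused.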