How to trust a key only for users in one domain

David Shaw dshaw at
Thu Dec 13 18:46:27 CET 2007

On Thu, Dec 13, 2007 at 10:19:07AM -0600, Chris Covington wrote:

> What would the command line be in GnuPG to sign a key and specify a
> domain, so that if that signed key signs another key in the
> specified domain, the other key would be listed as valid?
> For instance if I want to sign the gnupgAdmin at public key
> so that any key that the gnupgAdmin signs is listed as valid, if the
> key is for a user in the domain.  This is typically
> referred to as a "Trusted Introducer" signature and is listed in RFC
> 4880 section

Use "gpg --edit-key (thekey)" and then "tsign".  You will be asked the
usual signature questions, and also the trust level (RFC-4880 section and then the domain.


More information about the Gnupg-users mailing list