trust

Werner Koch wk at isil.d.shuttle.de
Wed Jul 22 10:44:48 CEST 1998


Raj Laud <rlaud at io.com> writes:

> Due to the (understandable) lack of documentation for GPG right now, I'm not
> sure how trust is handled for keys. Could someone please explain to me how
> this works and how to edit or even view the trust values for certain keys?

It works more or less like PGP.  The difference is that the trust is
computed at the time it is needed; this is one of the reasons for the
trustdb which holds a list of valid key signatures.  If you are not
running in batch mode you will be asked to assign a trust parameter
(ownertrust) to a key.  I have plans to use a cache for calculated
trust values to speed up calculation.

You can see the calculated trust value using this:

gpgm --list-keys --with-colons

If the first field is "pub", the second field shows you the trust:

      case TRUST_UNKNOWN:   c = 'o'; break;
      case TRUST_EXPIRED:   c = 'e'; break;
      case TRUST_UNDEFINED: c = 'q'; break;
      case TRUST_NEVER:     c = 'n'; break;
      case TRUST_MARGINAL:  c = 'm'; break;
      case TRUST_FULLY:     c = 'f'; break;
      case TRUST_ULTIMATE:  c = 'u'; break;

You can get a list of the assigned ownertrust values:

gpgm --list-ownertrust

The first field is the fingerprint of the primary key, the second one
the assigned value:  

#define TRUST_UNKNOWN     0  /* o: not yet calculated */
#define TRUST_EXPIRED     1  /* e: calculation may be invalid */
#define TRUST_UNDEFINED   2  /* q: not enough information for calculation */
#define TRUST_NEVER       3  /* n: never trust this pubkey */
#define TRUST_MARGINAL    4  /* m: marginally trusted */
#define TRUST_FULLY       5  /* f: fully trusted      */
#define TRUST_ULTIMATE    6  /* u: ultimately trusted */
 

I'm working on commands to edit the ownertrust values.


We need a lot more testing for this code - but wait until I have done
the new design of the trust stuff.
Code for trust handling is in g10/trustdb.{ch} and g10/pkclist.c


Hope this helps,

Werner
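
An added example, not part of the original message or of GnuPG's code: a small parser that reads a --with-colons listing, takes the trust letter from the second field of each "pub" record, and maps it to the TRUST_* names and numbers quoted above. The sample listing is constructed, every field after the second is a placeholder, and using the numeric values as a ranking is an assumption of this example.

```python
# Letter -> (name, numeric value), copied from the two tables in the message.
TRUST = {
    "o": ("TRUST_UNKNOWN", 0),
    "e": ("TRUST_EXPIRED", 1),
    "q": ("TRUST_UNDEFINED", 2),
    "n": ("TRUST_NEVER", 3),
    "m": ("TRUST_MARGINAL", 4),
    "f": ("TRUST_FULLY", 5),
    "u": ("TRUST_ULTIMATE", 6),
}


def parse_pub_trust(listing):
    """Return (line_no, rest_of_record, trust_name, trust_value) per "pub" line."""
    results = []
    for line_no, line in enumerate(listing.splitlines(), start=1):
        fields = line.strip().split(":")
        if fields[0] != "pub":
            continue  # only "pub" records carry the trust letter described above
        # A truncated record has no second field; treat it as unrecognized.
        letter = fields[1] if len(fields) > 1 else ""
        name, value = TRUST.get(letter, ("UNRECOGNIZED", None))
        results.append((line_no, ":".join(fields[2:]), name, value))
    return results


def below_marginal(records):
    """Records whose trust is unrecognized or numerically under TRUST_MARGINAL.

    Assumption of this example: the numeric values are usable as a ranking.
    """
    floor = TRUST["m"][1]
    return [r for r in records if r[3] is None or r[3] < floor]


# Constructed sample: only the first two fields follow the message; the
# remaining fields are placeholders, not real gpgm output.
SAMPLE = """\
pub:f:PLACEHOLDER-KEY-A:
uid:x:PLACEHOLDER-USER-ID:
pub:q:PLACEHOLDER-KEY-B:
pub:m:PLACEHOLDER-KEY-C:
pub:?:PLACEHOLDER-KEY-D:
pub
"""

if __name__ == "__main__":
    for record in below_marginal(parse_pub_trust(SAMPLE)):
        print(record)
```

Unrecognized letters and truncated records are reported rather than skipped, so a key is never treated as trusted because its line failed to parse.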







More information about the Gnupg-devel mailing list