trust value semantics
David Shaw
dshaw at jabberwocky.com
Wed Nov 13 06:30:02 CET 2002
On Tue, Nov 12, 2002 at 09:35:12PM -0500, Joel N. Weber II wrote:
> What's less obvious is whether I need to care about the public key or
> subkey trust value. The key question, I think, is whether there's a
> guarantee that any subkeys I see in the output of a command like the
> one below do in fact belong to the public key: whether the primary
> public key has signed the subkeys. If that guarantee exists (and I
> *think* that the way --import works, that guarantee does exist), then
> I can just check the trust values on uids, and not worry about trust
> on public keys and subkeys; otherwise, I'm not entirely sure how to
> check that the subkeys I might want to use actually belong to that
> primary public key.
There is a guarantee. You can't import a subkey that isn't signed by
the primary key. If you manage to force it to import by manually
appending the key to your keyring, the subkey will have a validity of
"i" (for invalid). Other than that, subkeys have the same validity as
the primary key, including "r" for revoked, and "e" for expired.
David
--
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
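
Added example, not part of the original message or of GnuPG itself: a small Python check that applies the rule from the reply to colon-delimited listing output (the format printed by `gpg --with-colons --list-keys`). It keeps a subkey only if a user ID on its primary key is fully or ultimately valid and the subkey's own validity field is not "i", "r", "e" or "d". The listing, key IDs and user IDs are constructed sample data, and the function name `usable_subkeys` is hypothetical.

```python
# Constructed sample listing; key IDs, dates and user IDs are made up.
# Field 1 = record type, field 2 = validity, field 5 = key ID, field 10 = user ID.
SAMPLE = """\
pub:f:1024:17:AAAAAAAAAAAAAAA1:2002-01-01:::-:Alice Example <alice@example.org>::scESC:
sub:f:2048:16:AAAAAAAAAAAAAAA2:2002-01-01::::::e:
sub:i:2048:16:AAAAAAAAAAAAAAA3:2002-01-02::::::e:
sub:r:2048:16:AAAAAAAAAAAAAAA4:2002-01-03::::::e:
pub:e:1024:17:BBBBBBBBBBBBBBB1:2000-01-01:2001-01-01::-:Bob Example <bob@example.org>::sc:
sub:e:2048:16:BBBBBBBBBBBBBBB2:2000-01-01:2001-01-01:::::e:
"""

UNUSABLE = set("ired")  # invalid, revoked, expired, disabled
VALID_UID = set("fu")   # fully or ultimately valid


def usable_subkeys(listing):
    """Map each primary key ID to the subkey IDs that pass the validity check."""
    result = {}
    current = None   # key ID of the most recent pub record
    uid_ok = False   # has a sufficiently valid user ID been seen for it?
    for line in listing.splitlines():
        fields = line.split(":")
        if len(fields) < 10:
            continue  # not a record this check understands
        rec, validity, keyid = fields[0], fields[1], fields[4]
        if rec == "pub":
            current = keyid
            result[current] = []
            # The user ID may sit on the pub record itself (field 10) ...
            uid_ok = bool(fields[9]) and validity in VALID_UID
        elif rec == "uid" and current is not None:
            # ... or on separate uid records that follow it.
            uid_ok = uid_ok or validity in VALID_UID
        elif rec == "sub" and current is not None:
            # A subkey that was forced into the keyring without a binding
            # signature shows validity "i" and is dropped here.
            if uid_ok and validity not in UNUSABLE:
                result[current].append(keyid)
    return result


if __name__ == "__main__":
    for primary, subs in usable_subkeys(SAMPLE).items():
        print(primary, "->", subs or "no usable subkeys")
```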