gpg: return value, validity vs trust

Hauke Laging mailinglisten at
Sat Dec 13 22:43:46 CET 2014

Am Sa 13.12.2014, 19:39:00 schrieb Anish R Athalye:

> Unfortunately, valid != trusted.
> In terms of security, validity means almost nothing.

Once more the terminology is the problem.

What you mean with "valid" is called "correct". Validity is a key 
status. A "valid signature" is a signature by a valid key. A key usually 
becomes valid by getting signed.

"Trust" refers to owner trust (certification trust). Setting owner trust 
to "ultimate" makes a key valid. Apart from that "trust" is not related 
to (data) signature checking.

A few months ago we had here a discussion about an improved terminology. 
IIRC "accepted" was preferred over "valid".

Crypto für alle:
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 603 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20141213/d020a041/attachment-0001.sig>

More information about the Gnupg-devel mailing list