Trust deepths (tsign)
Damien Goutte-Gattat
dgouttegattat at incenp.org
Wed May 8 17:16:35 CEST 2019
Hi,
On Wed, May 08, 2019 at 03:23:08PM +0200, Dirk Gottschalk via Gnupg-devel wrote:
>As we all know, with tsign, you can set a trust deepth and a trust
>domain.
>
>I did not find any way to change this options afterwards. Is this
>intented?
Yes. A trust signature (tsign) is first and foremost, well, a signature.
You cannot change it after it has been emitted.
>I know, one can delete the key, reimport it an set a new trust lebel,
>but this seems not to be the best way, IMHO.
If the trust signature is only present on your own keyring (meaning that
after signing the key you have not sent it back to its owner, or
uploaded to a keyserver, or published it in any way), then you can
simply delete the trust signature (`delsig` command in gpg's key
editor).
Otherwise, if the signature is already out, then there's no point in
removing it from your keyring (any later refresh from a keyserver would
import the signature back). What you can do instead is to *revoke* the
first signature and then emit a new trust signature.
Hope that helps,
- Damien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20190508/182445e9/attachment.sig>
More information about the Gnupg-devel
mailing list