Trust deepths (tsign)

Damien Goutte-Gattat dgouttegattat at
Wed May 8 17:16:35 CEST 2019


On Wed, May 08, 2019 at 03:23:08PM +0200, Dirk Gottschalk via Gnupg-devel wrote:
>As we all know, with tsign, you can set a trust deepth and a trust
>I did not find any way to change this options afterwards. Is this

Yes. A trust signature (tsign) is first and foremost, well, a signature.  
You cannot change it after it has been emitted.

>I know, one can delete the key, reimport it an set a new trust lebel,
>but this seems not to be the best way, IMHO.

If the trust signature is only present on your own keyring (meaning that 
after signing the key you have not sent it back to its owner, or 
uploaded to a keyserver, or published it in any way), then you can 
simply delete the trust signature (`delsig` command in gpg's key 

Otherwise, if the signature is already out, then there's no point in 
removing it from your keyring (any later refresh from a keyserver would 
import the signature back). What you can do instead is to *revoke* the 
first signature and then emit a new trust signature.

Hope that helps,

- Damien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <>

More information about the Gnupg-devel mailing list