Using only one public key; no way to sign it

Frank Tobin ftobin@neverending.org
Wed Dec 5 22:41:01 2001


Steve Butler, at 13:15 -0800 on 2001-12-05, wrote:

>        --trusted-key long key ID
>                  Assume  that  the  specified  key (which must be
>                  given as a  full 8 byte key ID) is as  trustworthy
>                  as one of your own secret keys. This option
>                  is useful if you don't want to keep your  secret
>                  keys  (or  one of them) online but still want to
>                  be able to check the validity of a given recipient's
>                  or signator's key.

--trusted-key isn't necessarily a good option to use; it still requires you
to sign the key being used to encrypt.  I can think of a variety of
scenarios where this is not a viable option.  And you certainly don't want
to have to use --trusted-key directly on the key you are encrypting with,
because that introduces other problems, such as that trust filtering down
to other keys, validating them when you don't want to.

-- 
Frank Tobin		http://www.neverending.org/~ftobin/
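
The two cases discussed in the message above, as an added illustration that is not code from the post or from GnuPG: a simplified Python model of the classic PGP validity calculation. Key names are constructed, and the model assumes only "ultimate" and "full" ownertrust (marginal trust and certification depth limits are left out).

```python
# Simplified model of the classic PGP trust computation (assumption: only
# "ultimate" and "full" ownertrust are modelled; marginal trust and
# certification depth limits are left out). Key names are constructed.

def valid_keys(signatures, ownertrust):
    """Return the set of keys considered valid.

    signatures: set of (signer, signed_key) certifications
    ownertrust: dict key -> "ultimate" | "full"; absent means no ownertrust
    """
    # Ultimately trusted keys (own secret keys, or keys named with
    # --trusted-key) are valid without any signature.
    valid = {k for k, t in ownertrust.items() if t == "ultimate"}
    changed = True
    while changed:
        changed = False
        for signer, signed in signatures:
            # A certification counts only if the signer is itself valid
            # and has ownertrust assigned.
            if signer in valid and signer in ownertrust and signed not in valid:
                valid.add(signed)
                changed = True
    return valid

# Constructed keyring: RECIPIENT is the one key we encrypt to; it has
# certified two other keys we have no opinion about.
SIGS = {("RECIPIENT", "OTHER1"), ("RECIPIENT", "OTHER2")}

def trusted_key_on_offline_key(signed_recipient):
    # --trusted-key names our own offline key; RECIPIENT is valid only if
    # that key has signed it.
    sigs = SIGS | ({("OFFLINE", "RECIPIENT")} if signed_recipient else set())
    return valid_keys(sigs, {"OFFLINE": "ultimate"})

def trusted_key_on_recipient():
    # --trusted-key names RECIPIENT directly: no signature needed, but
    # everything RECIPIENT certified becomes valid as well.
    return valid_keys(SIGS, {"RECIPIENT": "ultimate"})

if __name__ == "__main__":
    print(sorted(trusted_key_on_offline_key(False)))
    print(sorted(trusted_key_on_offline_key(True)))
    print(sorted(trusted_key_on_recipient()))
```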