Using only one public key; no way to sign it

Frank Tobin
Wed Dec 5 22:41:01 2001

Steve Butler, at 13:15 -0800 on 2001-12-05, wrote:

>        --trusted-key long key ID
>                  Assume  that  the  specified  key (which must be
>                  given as a  full 8 byte key ID) is as  trustworthy
>                  as one of your own secret keys. This option
>                  is useful if you don't want to keep your  secret
>                  keys  (or  one of them) online but still want to
>                  be able to check the validity of a given recipient's
>                  or signator's key.

--trusted-key isn't necessarily a good option to use it still requires you
to still sign the key being used to encrypt.  I can think of a variety of
scenarios where this is not a viable option.  And you certainly don't want
have use --trusted-key directly on the key you are encrypting with,
because that introduces other problems, such as that trust filtering down
to other keys, validating them when you don't want to.

Frank Tobin