What's the proper way to make a key truested?
Anthony E. Greene
Mon May 20 22:35:01 2002
-----BEGIN PGP SIGNED MESSAGE-----
On 20-May-2002/12:19 -0500, JW <firstname.lastname@example.org> wrote:
>HH >> I just imported a friend's GPG key -- the first one I've imported in
>HH >> a while -- and I cannot make it trusted. I ran gpg --edit 56791C97
>HH >> tried 'trust' '4' (full trust) save (to which is said nothign needed
>HH >> to be saved) and closed.
>HH >I'm new to GPG, but as to my understanding you have to sign the Key to
>HH >trust it. The "trust" you have edited is how much you trust the key
>HH >(that is, the owner of the key) to introduce other keys to you.
>Wow, that's drastic (though understandable).
>Can anyone confirm this?
It's true. But you can create a non-exportable signature that will allow
you to assign a trust value to the key without publicly endorsing the key:
gpg --lsign 0xDEADBEEF
Anthony E. Greene <mailto:email@example.com>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05 HomePage: <http://www.pobox.com/~agreene/>
Linux: the choice of a GNU Generation. <http://www.linux.org/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D <firstname.lastname@example.org>
-----END PGP SIGNATURE-----