What's the proper way to make a key trusted?

Bart Martens bart.martens@advalvas.be
Tue May 21 07:06:01 2002


> >HH >> I just imported a friend's GPG key -- the first one I've imported in
> >HH >> a while -- and I cannot make it trusted. I ran gpg --edit 56791C97
> >HH >> tried 'trust' '4' (full trust) save (to which it said nothing needed
> >HH >> to be saved) and closed.
> >HH >
> >HH >I'm new to GPG, but as to my understanding you have to sign the Key to
> >HH >trust it. The "trust" you have edited is how much you trust the key
> >HH >(that is, the owner of the key) to introduce other keys to you.
> >
> >Wow, that's drastic (though understandable). 
> >
> >Can anyone confirm this?
> 
> It's true. But you can create a non-exportable signature that will allow
> you to assign a trust value to the key without publicly endorsing the key:
> 
>   gpg --lsign 0xDEADBEEF
> 
> Tony

Local-signing a key is similar to signing a key. The only difference is that
a local signature is not exported to key servers.

You should (local-)sign a key when you know the identity of the key owner.

Assigning a trust value is something else. The trust level reflects the
level of your trust in the key owner's signing behavior.

An excellent intro to PGP is on http://www.pgpi.org/doc/pgpintro/
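
Added example, not part of the original post or of GnuPG: a simplified Python model of the distinction drawn above between a key's validity (gained by signing or local-signing it) and the trust value assigned to its owner. It assumes GnuPG's default thresholds (one fully trusted or three marginally trusted valid signers) and ignores expiry, revocation and certification depth; the key IDs ME, FRIEND and THIRD are constructed.

```python
from dataclasses import dataclass, field

COMPLETES_NEEDED = 1   # assumed GnuPG default (completes-needed)
MARGINALS_NEEDED = 3   # assumed GnuPG default (marginals-needed)

@dataclass
class Key:
    keyid: str
    ownertrust: str = "unknown"   # unknown | marginal | full | ultimate
    signed_by: dict = field(default_factory=dict)  # signer id -> "local" | "exportable"

def valid_keys(keyring):
    """Return the IDs of keys considered valid, iterating to a fixed point."""
    valid = {k.keyid for k in keyring.values() if k.ownertrust == "ultimate"}
    changed = True
    while changed:
        changed = False
        for key in keyring.values():
            if key.keyid in valid:
                continue
            full = marginal = 0
            for signer_id in key.signed_by:
                if signer_id not in valid:
                    continue  # a signature from a non-valid key counts for nothing
                trust = keyring[signer_id].ownertrust
                if trust in ("ultimate", "full"):
                    full += 1
                elif trust == "marginal":
                    marginal += 1
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                valid.add(key.keyid)
                changed = True
    return valid

def exported_signatures(key):
    """Signatures that would leave the local keyring when the key is exported."""
    return {s for s, kind in key.signed_by.items() if kind == "exportable"}

def build_keyring(friend_trust="unknown", lsign_friend=False):
    """Constructed keyring: my key, a friend's key, and a key the friend signed."""
    me = Key("ME", ownertrust="ultimate")
    friend = Key("FRIEND", ownertrust=friend_trust)
    third = Key("THIRD", signed_by={"FRIEND": "exportable"})
    if lsign_friend:
        friend.signed_by["ME"] = "local"   # models a local (non-exportable) signature
    return {k.keyid: k for k in (me, friend, third)}

if __name__ == "__main__":
    for trust, lsign in (("full", False), ("unknown", True), ("full", True)):
        print(trust, lsign, sorted(valid_keys(build_keyring(trust, lsign))))
```

In this model, setting only the trust value leaves FRIEND invalid, local-signing alone validates FRIEND but not the keys FRIEND has signed, and both together extend validity to THIRD.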