signing a robot's key - was: Re: Global Directory signatures

Atom 'Smasher' atom at
Thu Dec 30 22:12:45 CET 2004

Hash: SHA256

On Thu, 30 Dec 2004, David Shaw wrote:

> Both GnuPG and PGP do more or less the same thing here.  You can import 
> keys freely, but such keys will remain invalid until there is a valid 
> trust path to the key.  Invalid keys are usable, but you get some 
> variation of the "are you sure?" message before you can use the key.

i don't recall PGP(tm) having the option of "are you sure" for an unsigned 
key, but i didn't spend much time with it. i was left with the impression 
that the key couldn't be used unless it had a signature.

> If there is no valid trust path to the key, and you want to make it 
> valid (say, if you want to trust signatures issued by it, as in the case 
> of the GD key), then you need to sign or locally sign the key yourself. 
> PGP's "Sign" command actually defaults to local signing. You need to 
> make an explicit action (check a check box) to make it a regular 
> exportable signature.  Note that I'm speaking about PGP 8 here, though I 
> seem to recall that PGP 7 was the same.

one can also use edit-key and assign ultimate trust to a key, which will 
make it trusted without a signature.

- -- 

  PGP key -
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

 	"Think of the press as a great keyboard on which the
 	 government can play."
 		-- Joseph Goebbels, Nazi Propaganda Minister.

Version: GnuPG v1.4.0 (FreeBSD)
Comment: What is this gibberish?


More information about the Gnupg-users mailing list