signature level

David Shaw dshaw at
Tue Mar 22 14:56:23 CET 2005

On Tue, Mar 22, 2005 at 12:06:30PM +0100, Johan Wevers wrote:
> David Shaw wrote:
> >By default, GnuPG does not prompt you for a signature level.  If you
> >want to be prompted, use '--ask-cert-level'.
> And the default, without specifying and without the option
> --default-cert-level, is 0?


> >If you want to specify, but not be prompted each time, use
> >'--default-cert-level n' where n is 0, 1, 2 or 3.  The default is 0.
> >
> >GnuPG can be configured to ignore certain signature levels.  Use
> >'--min-cert-level' to set the minimum level you want to accept.  The
> >default is 2.
> Does that mean that gnupg in the default setup will ignore all signatures
> made with the default setup? From the code (keyedit.c line 872 and further)
> I understand that it will generate 0x10 sigs in the default setup.

No.  0x10 sigs are always accepted regardless of the --min-cert-level.


More information about the Gnupg-users mailing list