How trust works in gpg...

Herbert Furting lhshas at googlemail.com
Tue Apr 15 13:39:43 CEST 2008


2008/4/15 Peter Lewis <prlewis at letterboxes.org>:
>  Ah, thanks, that makes sense. And then I can sign his new UIDs too? Or just
>  change their trust level?
You'll "have" to sign his new UIDs, too.
What you could do is issue a so-called non-exportable (gpg uses the
term local, iirc) signature.
That means this signature is (better said should be) only recognized
by the signer (you) but not by other people.

>  Thanks, this is helpful. So, if I have to set the trust of other keys myself
>  in order to recognise them as valid, what is the function of
Yes... but not always... for example gpg sets your own key
automatically to unlimited trust ;-)

>  the "completes-needed", "marginals-needed" and "max-cert-depth" options in my
>  gpg.conf file?
gpg uses a so-called trust model (there are actually several
different ones), where you can give each UID/key a specific amount of trust.
You can give:
                 n         Never trust this key.
                 m         Marginally trusted.
                 f         Fully trusted.
                 u         Ultimately trusted.
and you'll also see:
                 -         No ownertrust assigned / not yet calculated.
                 e         Trust  calculation  has  failed; probably due to an
                           expired key.
                 q         Not enough information for calculation.

(I've stolen that from the manpage... so credit should go to Werner or
some of the other developers ;) )


Depending on how much you trust a user you normally give him n (e.g.
your little brother who signs every key/uid without validating it), m
or f, and rarely perhaps even u (your wife, whom you fully trust
*g*.... or not).
u means that you automatically recognize the keys/UIDs that keyholder
signed as valid.
completes-needed specifies how many trust-paths you need to a key from
keys you trust fully.
marginals-needed is the same for marginally trusted keys.

Suppose you are A and have signed the following keys/UIDs with the following
trust values:
B(f)
C(f)
D(m)
E(m)
Now your gpg gets the key F, which you haven't signed yourself, but
the others have, thus you'll have the following trust-paths:
A->B(f)-F
A->C(f)-F
A->D(m)-F
A->E(m)-F

Suppose marginals-needed=3 and completes-needed=2:
The two paths
A->D(m)-F
A->E(m)-F
are not enough to recognize F as valid, because you'd need three (m)
paths, but the two other paths are enough.

(@the others,.. was that correct?)


Herbert.
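The trust-path calculation described in the post, as an added toy model in Python (example code written here, not GnuPG's own implementation; the keys A..F, their ownertrust values and signatures are the post's constructed example, and the validity rule is the post's simplified description rather than GnuPG's exact algorithm):

```python
"""Toy model of GnuPG-style key validity from ownertrust plus signatures.
Constructed data, not real keys; NOT GnuPG's actual implementation."""
from typing import Dict, Set

def compute_validity(signatures: Dict[str, Set[str]],
                     ownertrust: Dict[str, str],
                     completes_needed: int = 1,   # gpg default
                     marginals_needed: int = 3,   # gpg default
                     max_cert_depth: int = 5) -> Set[str]:
    """Return the set of key ids considered valid.

    signatures: key -> set of keys that signed (one of) its UIDs.
    ownertrust: key -> 'u', 'f', 'm', 'n' or '-' (unset).
    A key is valid when a valid ultimately-trusted key signed it, or at
    least completes_needed valid fully-trusted keys did, or at least
    marginals_needed valid marginally-trusted keys did.  Only valid keys
    may vouch for others, and a chain may not exceed max_cert_depth.
    """
    valid: Set[str] = {k for k, t in ownertrust.items() if t == "u"}
    for _depth in range(1, max_cert_depth + 1):
        newly: Set[str] = set()
        for key, signers in signatures.items():
            if key in valid:
                continue
            vouching = [ownertrust.get(s, "-") for s in signers if s in valid]
            if ("u" in vouching
                    or vouching.count("f") >= completes_needed
                    or vouching.count("m") >= marginals_needed):
                newly.add(key)
        if not newly:
            break           # fixpoint reached before hitting the depth limit
        valid |= newly
    return valid

# Constructed example from the post: you are A (ultimate); you signed B..E;
# B..E all signed F, which you never signed yourself.
SIGNATURES = {
    "B": {"A"}, "C": {"A"}, "D": {"A"}, "E": {"A"},
    "F": {"B", "C", "D", "E"},
}
OWNERTRUST = {"A": "u", "B": "f", "C": "f", "D": "m", "E": "m", "F": "-"}

if __name__ == "__main__":
    # With completes-needed=2 the two (f) paths make F valid; the two (m)
    # paths alone would not, since marginals-needed=3.
    print(sorted(compute_validity(SIGNATURES, OWNERTRUST, 2, 3)))
```

Raising completes-needed to 3, or dropping the two fully-trusted signers, leaves F invalid, which is the situation the post describes for the two marginal paths.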



More information about the Gnupg-users mailing list