How trust works in gpg...

David Shaw dshaw at
Tue Apr 15 19:45:33 CEST 2008

On Tue, Apr 15, 2008 at 02:33:08PM +0100, Peter Lewis wrote:
> On Tuesday 15 April 2008 at 14:11:48 Sven Radde wrote:
> > Stan Tobias schrieb:
> > > If a public key has a UID1, which I already
> > > trust, and a new UID2 is added, why can't I infer trust for the new uid?
> > > (...)
> > > So the
> > > only person that could have added UID2 is the one that is in control of
> > > UID1 (supposedly, it's the same person).  Why is there a need to check
> > > anything?
> >
> > Because you do not know whether the owner of UID1 is also the owner of
> > UID2.
> >
> > Let's say, someone trusts my key and my user-id on that key.
> > Now, I add another ID: "Stan Tobias <sttob at>"...
> > Not a good idea to trust that without checking, is it?
> But isn't that the point of signing new UID's with the original one?

That's not how signing works.  You don't sign a UID with a UID.  You
sign a UID with a key.

KEY = The primary key.  It can issue signatures.
UID = A name
SIG = A signature that is made on the combination of KEY+UID.
SELFSIG = Same as SIG, but issued yourself (i.e. by KEY).

When you make a key, you end up with (leaving out subkeys for now):


If someone wants to sign your key, you then end up with:


So SELFSIG is you saying "I bind this KEY and UID together", and SIG
is the other person saying "Me too".

If you add another UID at this point, you have:


Now, note that the other person hasn't made any statement about
whether the second UID is valid.  YOU have, but then, it's your key:
you can make any statement you like.  It only becomes believable when
someone else adds their "me too".
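The KEY/UID/SIG/SELFSIG structure above, worked through in code as an added illustration (this is not GnuPG's code and not part of the thread). Textbook RSA over fixed Mersenne primes, with no padding, stands in for real OpenPGP signature packets; the names "Stan" and "Alice", the example.org addresses and the helper names are all made up. It shows that every certification is made over KEY+UID, that the other signer's SIG on UID1 cannot be reused for UID2, and that from the signer's point of view UID2 is only valid once she has added her own "me too":

```python
# Toy model of OpenPGP certification: a SIG covers KEY+UID, never UID+UID.
# Added example, not GnuPG/OpenPGP code.  Textbook RSA (no padding, fixed
# Mersenne primes) is a stand-in for real signature packets.
import hashlib
from dataclasses import dataclass, field


@dataclass
class Key:
    """A primary key: (n, e) is public, d is the owner's secret."""
    n: int
    e: int
    d: int

    @staticmethod
    def generate(p: int, q: int) -> "Key":
        e = 65537                      # fixed primes keep the example deterministic
        return Key(n=p * q, e=e, d=pow(e, -1, (p - 1) * (q - 1)))

    @property
    def fingerprint(self) -> str:
        # Identify a key by a hash of its public material, as OpenPGP does.
        return hashlib.sha256(f"{self.n}:{self.e}".encode()).hexdigest()[:16]

    def sign(self, msg: bytes) -> int:
        h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % self.n
        return pow(h, self.d, self.n)

    def verify(self, msg: bytes, sig: int) -> bool:
        h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % self.n
        return pow(sig, self.e, self.n) == h


def binding(key: Key, uid: str) -> bytes:
    """The bytes a certification actually covers: the KEY plus one UID."""
    return key.fingerprint.encode() + b"\x00" + uid.encode()


@dataclass
class Certification:
    signer_fpr: str   # who made the statement
    sig: int          # signature over binding(KEY, UID)


@dataclass
class Certificate:
    """A public key block: the primary KEY and, per UID, the SIGs on it."""
    key: Key
    uids: dict = field(default_factory=dict)   # uid -> list[Certification]

    def add_uid(self, uid: str) -> None:
        # A new UID gets only a SELFSIG over KEY+UID.  SIGs others made over
        # KEY+UID1 say nothing about this UID and are not carried over.
        self.uids[uid] = []
        certify(self, uid, self.key)


def certify(cert: Certificate, uid: str, signer: Key) -> None:
    """Signer states 'I bind this KEY and this UID together'."""
    cert.uids[uid].append(
        Certification(signer.fingerprint, signer.sign(binding(cert.key, uid))))


def uid_valid(cert: Certificate, uid: str, trusted: dict) -> bool:
    """Viewer's check on one UID: a good SELFSIG plus a good SIG from a key the
    viewer trusts to certify (`trusted`: fingerprint -> public Key).  The
    key's own SELFSIG never counts as the third party's 'me too'."""
    data, certs = binding(cert.key, uid), cert.uids.get(uid, [])
    selfsig_ok = any(c.signer_fpr == cert.key.fingerprint
                     and cert.key.verify(data, c.sig) for c in certs)
    third_party_ok = any(c.signer_fpr in trusted
                         and c.signer_fpr != cert.key.fingerprint
                         and trusted[c.signer_fpr].verify(data, c.sig)
                         for c in certs)
    return selfsig_ok and third_party_ok


UID1 = "Stan Tobias <stan@example.org>"    # constructed sample UIDs
UID2 = "Stan Tobias <sttob@example.org>"


def demo() -> dict:
    """The thread's scenario, seen from the other signer's (Alice's) side."""
    stan = Key.generate(2**127 - 1, 2**89 - 1)    # Mersenne primes: toy sizes
    alice = Key.generate(2**107 - 1, 2**61 - 1)
    alice_trusts = {alice.fingerprint: alice}       # Alice trusts only her own SIGs

    cert = Certificate(stan)
    cert.add_uid(UID1)                              # KEY + UID1 + SELFSIG
    certify(cert, UID1, alice)                      # Alice's "me too" on UID1
    cert.add_uid(UID2)                              # UID2 arrives with a SELFSIG only
    before = {uid: uid_valid(cert, uid, alice_trusts) for uid in cert.uids}

    # Alice's SIG on UID1 cannot be reused for UID2: it covers KEY+UID1.
    alice_sig = next(c for c in cert.uids[UID1] if c.signer_fpr == alice.fingerprint)
    replayed = alice.verify(binding(stan, UID2), alice_sig.sig)

    certify(cert, UID2, alice)                      # now UID2 becomes believable
    after = {uid: uid_valid(cert, uid, alice_trusts) for uid in cert.uids}
    return {"before": before, "after": after, "replay_verifies": replayed}
```

Running `demo()` shows UID1 valid and UID2 invalid for Alice right after Stan adds it, the replayed signature failing to verify, and both UIDs valid only once Alice has signed UID2 herself.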


More information about the Gnupg-users mailing list