PGP doesn't import trust signatures w/ depth > 8 on keys exported with GPG

David Shaw dshaw at jabberwocky.com
Fri Jun 13 21:03:24 CEST 2008


On Fri, Jun 13, 2008 at 11:35:08AM -0700, bezna wrote:
> 
> Hi,
> 
> I'm using PGP Desktop 9.8 and I noticed when I export a public key from GPG
> and import it in PGP, any trust signatures made on it with GPG and given a
> depth greater than 8 are lost. Presumably this is because of constraints
> within PGP, i.e. the maximum trust depth that can be set in PGP for a
> signature is 8.
> 
> I was wondering if anyone can provide a rationalization for why this
> is?

I could make a guess (8 is a huge depth already and so they capped it
there to simplify things?), but it would really be just a guess.  I
suggest contacting the PGP folks and asking them.  They're a very
responsive company.  Let us know what you find out.

> Ostensibly even a trust signature of depth 2 carries enormous power with it,
> but there is no such cap on GPG. Furthermore, why are signatures in GPG with
> a trust depth greater than 9 marked as a 'T' on listings, even though the
> depth of the signature still matters (e.g. a trust signature with a depth of
> 14 is still more powerful than one of depth 12, even though they're both
> labelled 'T'). 

This one I can answer, as I wrote that part of the code.  The reason
that GPG marks signatures with a depth greater than 9 as 'T' in a
signature listing is simply because the signature listing is
formatted, and I only had room for a single digit without reformatting
the display.  Thus, 'T' in this case just means "more than 9".  Note
that this is strictly a display convention, and the internal trust
calculations use the real number of course.

David
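
The following is an added example, not part of the original message and not GnuPG or PGP code. It reads the trust signature subpacket (type 5, RFC 4880 section 5.2.3.13) from a signature's subpacket area and compares the real depth with the single-character listing flag and with the depth-8 import limit reported in this thread. The function names, the `PGP_IMPORT_CAP` constant and the sample bytes are assumptions made for illustration.

```python
import struct

TRUST_SIGNATURE = 5   # subpacket type, RFC 4880 section 5.2.3.1
PGP_IMPORT_CAP = 8    # assumption: limit reported in this thread for PGP Desktop 9.8

def iter_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a signature subpacket area."""
    i, n = 0, len(area)
    while i < n:
        first = area[i]
        if first < 192:                               # one-octet length
            length, i = first, i + 1
        elif first < 255 and i + 2 <= n:              # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        elif first == 255 and i + 5 <= n:             # five-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        else:
            raise ValueError("truncated subpacket length")
        if length < 1 or i + length > n:              # length counts the type octet
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def trust_signature(area: bytes):
    """Return (depth, amount) from the trust signature subpacket, or None."""
    for sp_type, _critical, body in iter_subpackets(area):
        if sp_type == TRUST_SIGNATURE:
            if len(body) != 2:
                raise ValueError("trust signature body must be 2 octets")
            return body[0], body[1]
    return None

def listing_flag(depth: int) -> str:
    """One-column display convention from the thread: 'T' means more than 9."""
    return "T" if depth > 9 else str(depth)

def audit(area: bytes) -> dict:
    """Compare the real depth with the listing flag and with the import cap."""
    ts = trust_signature(area)
    if ts is None:
        return {"trust_sig": False}
    depth, amount = ts
    return {"trust_sig": True, "depth": depth, "amount": amount,
            "flag": listing_flag(depth), "over_cap": depth > PGP_IMPORT_CAP}

# Constructed sample: creation-time subpacket (type 2), then a trust
# subpacket (length 3, type 5, depth, amount 120).
def sample(depth: int) -> bytes:
    return bytes([5, 2, 0x48, 0x52, 0xC5, 0x00, 3, 5, depth, 120])
```

Depths 12 and 14 both produce the flag `T` while `audit` still returns the distinct real depths, so a review of keys bound for PGP should check the parsed depth rather than the listing column.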


