Trust Signatures

David Shaw dshaw at jabberwocky.com
Mon Nov 17 21:18:34 CET 2008


On Mon, Nov 17, 2008 at 11:35:29AM -0800, Loren M. Lang wrote:

> I am having trouble understanding trust signatures in OpenPGP so I decided
> to run an experiment.  I created a new private key for me in a fresh
> GNUPGHOME followed by private keys for Alice, Bobbie, Charlie, and
> Mallory in a separate GNUPGHOME.  I had Alice sign Bobbie's public key
> who signed Charlie's who signed Mallory's.  I then imported Alice,
> Bobbie, Charlie, and Mallory's public keys into my GNUPGHOME.  All their
> keys showed up as unknown trust and unknown validity as expected.  I
> then signed Alice's public key.  All signatures so far have been trust
> signatures with a depth of 4 and full trust with no domain specified.
> At this point Alice's key shows up as fully trusted and fully valid as
> expected.  Bobbie's key became automatically fully valid without me
> setting an ownertrust on Alice, but Bobbie's trust is marked as unknown.
> Charlie's key is unknown trust with undefined validity.  As I understand
> trust signatures, all keys up to Mallory should be valid, what am I
> missing?

You do understand correctly.  This is a known bug in GnuPG, and will
be fixed for the next version.  If you have the ability to, I'd love
if you would try the patch at:
http://lists.gnupg.org/pipermail/gnupg-users/2008-June/033814.html

David
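
The expected outcome of the experiment above, as an added example that is not part of the original mail and is not GnuPG's trustdb code: a simplified model of trust-signature depth from RFC 4880 section 5.2.3.13, where a level n introducer can delegate at most level n-1. The key names, the tuple layout and the `evaluate` function are constructed for this illustration, and only fully trusted signatures are followed.

```python
# Simplified model of OpenPGP trust-signature depth propagation
# (RFC 4880, 5.2.3.13). Not GnuPG's algorithm; all names are constructed.
from collections import deque

FULL = 120       # trust amount treated as complete trust (60 would be partial)
NO_LIMIT = 256   # assumption: the ultimately trusted own key has no depth cap

# (signer, signee, depth, amount): the chain from the post,
# every trust signature made with depth 4 and full trust, no domain.
TSIGS = [
    ("me", "alice", 4, FULL),
    ("alice", "bobbie", 4, FULL),
    ("bobbie", "charlie", 4, FULL),
    ("charlie", "mallory", 4, FULL),
]

def evaluate(tsigs, root="me"):
    """Return {key: remaining_depth} for every key that becomes valid.

    remaining_depth > 0: the key is also a trusted introducer.
    remaining_depth == 0: the key is valid but its signatures are not followed.
    """
    valid = {root: NO_LIMIT}
    queue = deque([root])
    while queue:
        signer = queue.popleft()
        budget = valid[signer]
        if budget <= 0:
            continue  # valid key, but not allowed to introduce others
        for s, signee, depth, amount in tsigs:
            if s != signer or amount < FULL:
                continue
            # The signer cannot hand out more depth than it holds minus one.
            granted = min(depth, budget - 1)
            if granted > valid.get(signee, -1):
                valid[signee] = granted
                queue.append(signee)
    return valid

if __name__ == "__main__":
    for key, depth in evaluate(TSIGS).items():
        print(f"{key:8} valid, remaining introducer depth {depth}")
```

With the depth-4 chain from the post every key through Mallory comes out valid in this model; lowering the first signature to depth 2 leaves Charlie valid but stops the chain before Mallory.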


