Need help understanding the difference between assigning owner trust and key validity.

Steven W. Orr steveo at
Sat Jun 13 08:24:35 CEST 2009

Hash: SHA1

There's a pgp concept that I'm not comfortable with. It has to do with the
difference between owner trust and key validity. And I say comfortable, not
because I don't like it or that I don't think it doesn't work; I just don't
feel like I understand it well enough to be doing it right.

When I got your key, AND I know it came from you, then I set your key in my
ring with owner trust of "trusted". But I didn't set the key validity. My
understanding is that if I set your key validity then I'm signing my
public key with your public key. (Someone please correct me if I'm way off.)

Then for other people to see that I trust you, I would then have to re-upload
my public key to the keyserver network. Only those people who would refresh my
key from the servers would then see that I trust you.

Can someone please confirm that what I just said is correct?

If this is true, then how do I know how often I need to refresh the public
keys that I have on my keyring?


- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora -


More information about the Gnupg-users mailing list