Question from GPG

Raimar Sandner mail at
Thu May 21 15:01:30 CEST 2009

On Wednesday 20 May 2009 19:53:47 Fayina Zaporozhets wrote:

> I did trust and signed the key before:
> C:\GNU\GnuPG>gpg --edit-key E3655B17
> gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.

> pub  1024D/E3655B17  created: 2008-07-14  expires: 2018-07-12  usage: SC
>                      trust: ultimate      validity: ultimate
> sub  2048g/5A85DEB2  created: 2008-07-14  expires: 2018-07-12  usage: E
> [ultimate] (1). Schneider B2B Services - UAT/Training (UAT and Training
> Key.) <e

So if I understand correctly, 0CA9461C is your own key and E3655B17 is the key 
of your correspondence.

Only your own key, for which you have a secret key availible, should have 
ownertrust "ultimate". For other keys "full" trust should be the maximum trust 

It is also important to note, that the "trust" level that you have chosen 
refers to the trust you have for the _owner_ of the key, that is how much you 
trust him or her to sign other keys correctly. This value does not affect the 
validity of the key in question, it can only affect the validity of keys in the 
next level of a trust chain (keys signed by this one which you have not signed 

Set the ownertrust for E3655B17 to "full", run gpg --check-trustdb, and please 
paste the output of "gpg --edit-key E3655B17 check".


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20090521/a12b222d/attachment.pgp>

More information about the Gnupg-users mailing list