How to check the trust level

David Shaw dshaw at
Sun Nov 22 03:07:59 CET 2009

On Nov 21, 2009, at 6:47 PM, markus reichelt wrote:

> * David Shaw <dshaw at> wrote:
>> If you mean the signature verification level, then it is visible in
>> the --list-sigs output - 3 for "positive" verification, 2 for
>> "casual" verification, and 1 for "persona" (aka didn't check)
>> verification.  If none of these numbers appear, it's a "generic"
>> verification.
> (Just to contribute to the confusion:)
> That's according to the spec, but there are quite a few people out
> there who do not honour the spec (for whatever reasons - not relevant
> here) and have their own definition of sig levels (usually published
> in their signing policy).

The spec disclaims any knowledge of the levels and leaves it up to the  
individual person to decide within some (very rough) guidelines.  This  
is both a good and bad thing :)

It's very possible that Alice's "casual" is stronger than Baker's  

> To sum it up, these days levels 0,2,3 are fine. 1s are a bit strange
> and quite rare - I'd inquire about that kinda sig level.

#1 is very rare, since it essentially means that someone didn't check  
at all.  GPG actually ignores level 1 signatures by default, so that  
makes them even more rare - there is little point in making one since  
GPG won't even see it.


More information about the Gnupg-users mailing list