Newbie questions about keyring maintenance

Benjamin Esham bdesham at gmail.com
Thu Aug 5 20:34:58 CEST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

I've been using GnuPG for personal things for many years, but I've only
recently started to try to understand the "social" aspects, like signing
others' keys and the trust model.  I have a bunch of basic questions that I
was hoping people here could answer.  (If these are answered by some
beginners' guide then a link to that would be appreciated too!)  I'm running
GnuPG 2 on Mac OS X.

1. Right now, my crontab contains

     gpg2 -q --batch --refresh-keys
     gpg2 -q --batch --update-trustdb

   This will grab new copies of the public keys from the servers and then
   recalculate the trust relationships.  (There's a thirty-minute gap in
   between to allow for the downloading to take place.)  Is it necessary to
   manually update the trust database this often?  Are there any other
   commands I should run periodically to maintain my keyring?

2. During the update process, I get a bunch of lines like

     gpg: requesting key 1234ABCD from hkp server subkeys.pgp.net

   Is there any reason this is displayed even though I've invoked GPG with
   -q?  I get an e-mail whenever this command produces output, so it would
   be nice if GPG would really be quiet unless there were an error.

3. During the update process, I also get errors like

     gpgkeys: key 1A2B3C4D[...] not found on keyserver

   Is there something I should configure differently in order to avoid this?

4. When I run gpg2 --update-trustdb, I get a message like

     gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
     gpg: depth: 0  valid:   1  signed:   1  trust: 0-, 0q, 0n, 0m, 0f, 1u
     gpg: depth: 1  valid:   1  signed:  10  trust: 0-, 1q, 0n, 0m, 0f, 0u
     gpg: next trustdb check due at 2010-07-24

   How do I interpret this output?  Also, given a certain key, how can I get
   GPG to tell me what its trust status is?  (For example, "this key is not
   signed by you, but it is signed by two keys you consider fully trusted,
   so it is valid", etc.)

Thanks a lot for any answers!

- -- 
Benjamin D. Esham   |   bdesham at gmail.com
   Te audire non possum est. Musa fixa in aure sapientum est.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

iEYEARECAAYFAkxbBFIACgkQzOC3TdZ2u5odawCg7tEQ3OcWM7gWuDmAMlAMySGU
7g4AoMKRCr4QUqwEySZE3iB9aKPEP9GD
=LSck
-----END PGP SIGNATURE-----
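
The trustdb summary quoted in question 4 can be read field by field. The following Python parser is an added example, not part of the original message and not GnuPG code. Its function names are illustrative, and the reading of the counters (valid keys per depth, keys they have signed, owner-trust letters) is this example's assumption about the output format.

```python
import re

# Owner-trust letters as gpg prints them on a "depth:" line.
TRUST = {"-": "unknown", "q": "undefined", "n": "never",
         "m": "marginal", "f": "full", "u": "ultimate"}

MODEL_RE = re.compile(r"gpg: (\d+) marginal\(s\) needed, "
                      r"(\d+) complete\(s\) needed, (\w+) trust model")
DEPTH_RE = re.compile(r"gpg: depth:\s*(\d+)\s+valid:\s*(\d+)\s+"
                      r"signed:\s*(\d+)\s+trust:\s*(.+)$")
NEXT_RE = re.compile(r"gpg: next trustdb check due at (\d{4}-\d{2}-\d{2})")


def parse_trustdb_summary(text):
    """Parse the summary into thresholds, per-depth rows and next check date."""
    out = {"depths": []}
    for line in map(str.strip, text.splitlines()):
        if m := MODEL_RE.match(line):
            out.update(marginals_needed=int(m[1]),
                       completes_needed=int(m[2]), model=m[3])
        elif m := DEPTH_RE.match(line):
            counts = {}
            for item in m[4].split(","):
                n, flag = re.fullmatch(r"\s*(\d+)([-qnmfu])\s*", item).groups()
                counts[flag] = int(n)
            out["depths"].append({"depth": int(m[1]), "valid": int(m[2]),
                                  "signed": int(m[3]), "trust": counts})
        elif m := NEXT_RE.match(line):
            out["next_check"] = m[1]
    return out


def describe(row):
    """One readable sentence per depth row; zero counters are omitted."""
    held = ", ".join(f"{n} {TRUST[f]}" for f, n in row["trust"].items() if n)
    return (f"depth {row['depth']}: {row['valid']} valid key(s) "
            f"[owner trust: {held or 'none set'}], "
            f"which have signed {row['signed']} key(s)")


# Sample input: the four lines quoted in the message above.
SAMPLE = """\
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   1  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   1  signed:  10  trust: 0-, 1q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2010-07-24
"""

if __name__ == "__main__":
    for row in parse_trustdb_summary(SAMPLE)["depths"]:
        print(describe(row))
```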



