Newbie questions about keyring maintenance
bdesham at gmail.com
Thu Aug 5 20:34:58 CEST 2010
-----BEGIN PGP SIGNED MESSAGE-----
I've been using GnuPG for personal things for many years, but I've only
recently started to try to understand the "social" aspects, like signing
others' keys and the trust model. I have a bunch of basic questions that I
was hoping people here could answer. (If these are answered by some
beginners' guide then a link to that would be appreciated too!) I'm running
GnuPG 2 on Mac OS X.
1. Right now, my crontab contains
gpg2 -q --batch --refresh-keys
gpg2 -q --batch --update-trustdb
This will grab new copies of the public keys from the servers and then
recalculate the trust relationships. (There's a thirty-minute gap in
between to allow for the downloading to take place.) Is it necessary to
manually update the trust database this often? Are there any other
commands I should run periodically to maintain my keyring?
2. During the update process, I get a bunch of lines like
gpg: requesting key 1234ABCD from hkp server subkeys.pgp.net
Is there any reason this is displayed even though I've invoked GPG with
-q? I get an e-mail whenever this command produces output, so it would
be nice if GPG would really be quiet unless there were an error.
3. During the update process, I also get errors like
gpgkeys: key 1A2B3C4D[...] not found on keyserver
Is there something I should configure differently in order to avoid this?
4. When I run gpg2 --update-trustdb, I get a message like
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 1 signed: 10 trust: 0-, 1q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2010-07-24
How do I interpret this output? Also, given a certain key, how can I get
GPG to tell me what its trust status is? (For example, "this key is not
signed by you, but it is signed by two keys you consider fully trusted,
so it is valid", etc.)
Thanks a lot for any answers!
Benjamin D. Esham | bdesham at gmail.com
Te audire non possum est. Musa fixa in aure sapientum est.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
-----END PGP SIGNATURE-----
More information about the Gnupg-users