Changing & verifying the --max-cert-depth in Windows

Grant Olson kgo at
Thu Mar 4 18:51:32 CET 2010

On 3/4/2010 8:18 AM, erythrocyte wrote:
> And then:
>        gpg --check-trustdb
> And here's the output of the last command:
>       gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
>       gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
>       gpg: next trustdb check due at 2011-03-03
> It mentions that the --marginals-needed option is set to 3. And
> --completes-needed option is set to 1. Which I think I'm okay with.
> But the depth mentioned is 0!
> Why hasn't it changed? And how do I verify my current --max-cert-depth value?

If you haven't signed any keys, then there's nowhere to go.  The
certificate depth starts with keys you've signed.  Then it looks at the
keys those keys have signed.  Etc.  Etc.

Since you haven't signed any keys, the chain of trust doesn't have
anywhere to begin.  So it's showing that the only key you trust is your
own, that's the 1u, and that's at the zeroth level of certificate depth.

If you want to test, sign a few keys with the local non-exportable
option and you'll see depth: 1 and possibly more.  Or maybe locally sign
something like the PGP Global Directory key, or configure the gswot keys.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 552 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100304/c0afac44/attachment.pgp>

More information about the Gnupg-users mailing list