Changing & verifying the --max-cert-depth in Windows

David Shaw dshaw at jabberwocky.com
Thu Mar 4 23:22:44 CET 2010


On Mar 4, 2010, at 3:52 PM, Daniel Kahn Gillmor wrote:

> On 03/04/2010 01:01 PM, Grant Olson wrote:
>> On 3/4/2010 12:45 PM, Daniel Kahn Gillmor wrote:
>>> I'm also not sure what the "signed: 128" suggests in the "depth: 1"
>>> line.  Surely of all 83 keys I've certified, they have collectively
>>> issued more than 128 certifications themselves.  Maybe someone else can
>>> explain that bit?
>> 
>> I believe that's the number of keys they've signed that are in your
>> keyring.  The signature attaches to the recipient's key, not the
>> signer's.  So if you don't have the recipient's key in your keyring, you
>> don't even know it's been signed by one of the keys you've certified.
> 
> I've got a large-ish keyring (>1300 keys), and it's fairly regularly
> refreshed.  I'm pretty sure that of the 83 keys that I've signed,
> they've made more than 128 certifications in aggregate, even if we only
> count keys themselves and not UIDs (that is, even if a key with multiple
> certified User IDs only counts once).

The "signed" value only counts signatures made on keys that you have in your keyring.  Those 83 keys may have made more certifications, but you don't have local copies of the other keys that they may have signed.

David



