Understanding --status-fd output
Werner Koch
wk at gnupg.org
Mon Aug 29 14:17:48 CEST 2011
On Sun, 28 Aug 2011 15:29, Mike_Acker at charter.net said:
> from using GPG4WIN I note: a signature may be marked:
>
> valid|not valid
> Trusted|not Trusted
It should be "valid". However gpg4win is collection of different tools
all with a different history.
> "Trust" or "owner trust" refers to whether I trust the owner of a key
> sent to me. this trust can be
This is a misconception. You assign an "owner trust" to indicate your
estimation on how faithful someone signs other keys.
> IN ADDITION: you will note that on an x.509 certificate there is a
> second trust flag: for software. This is CRITICAL to the security of
> Authenticode which is used for software updates
It basically says, the malware authors spend a few bugs on buying a
compromised key for the certificate.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list