Jerome Baum jerome at jeromebaum.com
Wed Dec 28 03:25:33 CET 2011

On 2011-12-28 03:08, John A. Wallace wrote:
> --trusted-key long key ID
> Assume that the specified key (which must be given as a full 8 byte key ID)
> is as trustworthy as one of your own secret keys. This option is useful if
> you don't want to keep your secret keys (or one of them) online but still
> want to be able to check the validity of a given recipient's or signator's
> key. 

> I read this definition online, but I can't seem to get a grasp on what it is
> used for.  As it sounds as though it may have use for something I want to
> do, I was hoping someone could elaborate a bit on this.  It may be clear as
> glass to most of you, but I am not seeing it (sorry).  Thanks.

You can't set ultimate trust on a public key unless you have the
corresponding private key. So this is a way of telling gnupg not to
require that, e.g. if you have the key on another computer and gnupg
can't know that.

For instance, I keep two key: 0x215236DA and 0xC58C753A. But only
0xC58C753A is on my machine, 0x215236DA is stored somewhere safe, so I
don't want it on here. But I still want to ultimately trust 0x215236DA
because, well, it's my key. So my gpg.conf says "trusted-key 215236DA".

PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
No situation is so dire that panic cannot make it worse.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 878 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20111228/8124daeb/attachment.pgp>

More information about the Gnupg-users mailing list