Aspects of trust

Grant Olson kgo at
Tue Jun 14 21:46:20 CEST 2011

On 6/14/11 3:35 PM, Kerrick Staley wrote:
> OK, I think I understand:
> Validity and trust are separate, but GnuPG lumps "validity" and
> "trust, for the sole purpose of signing others' keys" together into a
> single value (which is one of "unknown", "never", "marginal", "full",
> and "ultimate"). One can imagine situations in which a key's owner is
> "never" trusted to sign others' keys, but one would still like to keep
> track of how valid the key itself is ("unknown", "marginal" or
> "full"). However, such situations are corner cases, and GnuPG doesn't
> provide facilities for dealing with them.
> Is this correct?
> Thanks,
> Kerrick Staley

No.  It's two values.

Validity is established by signing a key, or via web-of-trust calculations.

Trust is a different value, which can be set through --edit-key, or by
running "gpg --update-trustdb"

If you sign a key, establishing validity, but don't give it at least
marginal trust, it won't be used in your web-of-trust calculations.


"I am gravely disappointed. Again you have made me unleash my dogs of war."

More information about the Gnupg-users mailing list