Understanding the "--refresh-keys" output

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jun 16 16:38:06 CEST 2011

On 06/16/2011 09:31 AM, David Shaw wrote:
> Line 9 is just a key count.  You have 17 valid keys.  All of them ("u") are ultimately trusted, which suggests that you have 17 keys that you have generated as ultimate trust is generally used for people's own keys.  (If you can't trust yourself, who can you trust?)

17 keys is a lot of keys to have generated yourself (though there are
some circumstances where i'm sure it makes some sort of sense).  But if
those aren't all your own keys:

If you have been in the habit of assigning ultimate ownertrust to keys
other than your own, you probably want to reconsider that decision.

ultimate ownertrust allows a keyholder to make any certification
whatsoever (including over their own keys) and have you accept their

In general, use full or marginal ownertrust for parties other than yourself.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110616/cd686275/attachment.pgp>

More information about the Gnupg-users mailing list