output of --check-trustdb
Ingo Klöcker
kloecker at kde.org
Tue Aug 21 23:24:48 CEST 2012
On Sunday 19 August 2012, Hauke Laging wrote:
> Hello,
>
> I am trying to understand how the trust calculations work and I think
> I have made serious progress in that... ;-)
>
> There are at least two things I have not understood yet:
>
> 1) Is it possible to have the ownertrust value shown with
> --list-keys? Validity can be shown. I had expected a parameter like
> show-ownertrust for --list-options.
>
> 2) I do not understand the "signed" column in the output of
> --check-trustdb. I read something about that but it doesn't make
> sense to me. It seems generally difficult to find good information
> about that.
>
> start cmd:> LC_ALL=C gpg --check-trustdb
> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> gpg: depth: 0 valid: 17 signed: 26 trust: 0-, 0q, 0n, 0m, 0f, 17u
> gpg: depth: 1 valid: 26 signed: 3 trust: 0-, 0q, 10n, 8m, 8f, 0u
> gpg: depth: 2 valid: 3 signed: 0 trust: 0-, 0q, 0n, 1m, 2f, 0u

Just looking at the numbers I'd say that "signed" is the number of keys
signed by the valid keys. In your example, there are 26 keys that are
signed in depth 0. And there are 26 keys that are valid in depth 1
(because they are validated by the ultimately trusted keys from depth
0). The same pattern repeats for signed keys in depth 1 and valid keys
in depth 2.

In my keyring I only see this pattern for signed keys in depth 0 and
valid keys in depth 1. OTOH, for depth 1 I get signed: 206, but in depth
2 I only get valid: 37. My guess is that "signed" counts the number of
all keys in the keyring that are signed by any of the valid keys in the
corresponding depth. In particular, this number also includes keys that
are valid in the same depth or a lower depth. If your test keyring is a
tree (or a set of unconnected trees) then this would support my
hypothesis.

Of course, I could be completely wrong and the "signed" number is
something entirely different. :-)

Regards,
Ingo
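
Added example, not part of the original message and not GnuPG's own trustdb code: a small model of the hypothesis in the reply above, in which "signed" counts every key signed by a valid key of that depth, including keys that are already valid. The key names, both keyrings and the simplified validity rule (thresholds taken from the "3 marginal(s) needed, 1 complete(s) needed" line) are constructed assumptions.

```python
from collections import defaultdict

def depth_table(sigs, ownertrust, marginals_needed=3, completes_needed=1):
    """Return [(depth, valid, signed)] under the hypothesis from the mail.

    sigs: signer -> set of keys it signed (constructed input).
    ownertrust: key -> 'u', 'f', 'm' or 'n'.
    Assumption: only signers with ownertrust u/f/m contribute to validity.
    """
    level = {k for k, t in ownertrust.items() if t == "u"}  # depth 0
    valid = set(level)               # every key validated so far
    full, marginal = defaultdict(int), defaultdict(int)
    rows, depth = [], 0
    while level:
        signed = set()
        for signer in level:
            trust = ownertrust.get(signer, "n")
            for key in sigs.get(signer, ()):
                if key == signer:
                    continue         # ignore self-signatures
                signed.add(key)      # counted even if key is already valid
                if trust in ("u", "f"):
                    full[key] += 1
                elif trust == "m":
                    marginal[key] += 1
        rows.append((depth, len(level), len(signed)))
        # Next depth: newly validated keys only.
        level = {k for k in set(full) | set(marginal)
                 if k not in valid
                 and (full[k] >= completes_needed
                      or marginal[k] >= marginals_needed)}
        valid |= level
        depth += 1
    return rows

# Constructed keyrings: U is ultimately trusted, A and B have full ownertrust.
OWNERTRUST = {"U": "u", "A": "f", "B": "f", "C": "n"}
TREE = {"U": {"A", "B"}, "A": {"C"}}
# Same keys, plus cross- and back-signatures between already valid keys.
MESHED = {"U": {"A", "B"}, "A": {"C", "B", "U"}, "B": {"A"}}

if __name__ == "__main__":
    for name, ring in (("tree", TREE), ("meshed", MESHED)):
        for d, v, s in depth_table(ring, OWNERTRUST):
            print(f"{name}: depth: {d} valid: {v} signed: {s}")
```

In the tree keyring "signed" at each depth equals "valid" at the next depth; in the meshed keyring depth 1 reports signed: 4 while depth 2 has valid: 1, the kind of gap described for the larger keyring.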