gpgsm and trusted keys

Jens Lechtenboerger cloudpg at
Tue Dec 17 18:57:48 CET 2013

Hi there,

after I imported my private key into gpgsm, it was not trusted for
signatures by gpgsm, because the root CA was not trusted.

After enabling allow-mark-trusted in gpg-agent.conf, gpg-agent asks
whether I trust the root CA.  Saying "yes" creates
~/.gnupg/trustlist.txt with the root certificate's fingerprint, and
the key becomes usable.

However, I actually don't trust them, so I don't want their
fingerprint in trustlist.txt.  Instead, I do trust the intermediate
CA, which signed my certificate request.  Manually adding their
fingerprint to trustlist.txt did not work, though.  I was still
asked for trust in the root CA, and saying "No" resulted in a failed

Is there a way to mark intermediate CAs as trusted so that all
certificates issued by them become usable?


More information about the Gnupg-users mailing list