How to find and verify a trust path?

Philip Jägenstedt philip at foolip.org
Sun Sep 15 11:33:06 CEST 2013


Hi all,

Let's assume that I have signed enough keys and assigned enough
ownertrust so that if I had all the world's keys locally and did `gpg
--list-key --list-options show-uid-validity` I would see a bunch of
keys as valid via the web of trust.

Is there a way to determine if a given key would be valid in this case
without actually importing all the world's keys? It seems like the
keyserver ought to be able to find trust paths and that the keys could
then be downloaded and verified locally, but I've not found anything
to do this.

The practical problem I'm trying to solve is how to determine if a
signed git tag is in fact from a key I can trust without a lot of
manual work.

-- 
Philip Jägenstedt



More information about the Gnupg-users mailing list