technical question: effect of trust-model always and what validity 'n' means

Nicolai Josuttis nico at josuttis.de
Wed Apr 23 00:22:01 CEST 2014


Before we continue to discuss "trust" and "valid",
allow me again to raise some technical questions regarding
GPG options and values, which I at least didn't understand
by reading docs and (roughly) source code
(but I need a clear understanding to program a frontend on it).

a) What is the effect of --trust-model always in detail?
Does it mean that when sending emails the
calculated validity is completely ignored
(so that even 'e' and 'r' count as "valid")
or does it "only" mean that '-', 'q', and 'm' count as valid
as 'f' does with the default trust models?

b) What does the calculated validity 'n' mean and when
   is it created?
- doc/DETAILS says:
   n = The key is valid
- the GPG manual says:
   n Never trust this key.
- In the source code, it seems to be created
  in combination with GPG_ERR_NOT_TRUSTED:
   >       else if (gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED)
   >         *truststring = 'n';  /* No, we do not trust this one. */

c) IF 'n' means "never trust this key",
   why is it "higher rated" than unknown?
What I mean is: In code and doc there is always the following order:
>     case TRUST_UNDEFINED: min_num=1; break;
>     case TRUST_NEVER:     min_num=2; break;
>     case TRUST_MARGINAL:  min_num=3; break;
>     case TRUST_FULLY:     min_num=4; break;
or:
> - = Unknown validity (i.e. no value assigned)
> q = Undefined validity
> n = The key is valid
> m = The key is marginal valid.
> f = The key is fully valid
> u = The key is ultimately valid.  

This leads to the impression that the order is from minimal
to maximal trust.
However, that's not how I would sort it.
For me not knowing whether I can trust is better
than knowing that I can not trust.
Thus, IMO, the order should be
 n
 -/q
 m
 f
 u
Am I missing something?


-- 
Nico
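An added example (not part of the mail or of GnuPG's own code) showing how a frontend could read the validity column of a `gpg --with-colons` listing, apply the two interpretations of `--trust-model always` raised in question a), and sort keys in the order proposed under c). The listing, key IDs and the acceptance policy in `usable()` are this example's own assumptions, not GnuPG's documented behaviour.

```python
# Added example, not from the original mail: parse the validity column of a
# ``gpg --with-colons`` key listing and rank/filter keys the way a frontend
# might.  The listing and key IDs below are constructed placeholders.

# Validity codes from doc/DETAILS, ranked in the order the mail proposes:
# knowing a key is NOT valid ('n') sorts below not knowing ('-' / 'q').
RANK = {"n": 0, "-": 1, "q": 1, "m": 2, "f": 3, "u": 4}
# State codes that are not trust levels at all; this example's policy is to
# never offer such keys, whatever the trust model.
UNUSABLE = {"r": "revoked", "e": "expired", "d": "disabled", "i": "invalid"}

# Constructed listing (field 2 = validity, field 5 = key ID); other fields
# are left empty or filled with placeholders.
SAMPLE = """\
pub:u:2048:1:000000000000000A:1397000000:::u:::scESC:
uid:u::::1397000000::AAAA::Alice (constructed) <alice@example.org>:
pub:n:2048:1:000000000000000B:1397000000::::::scESC:
pub:q:2048:1:000000000000000C:1397000000::::::scESC:
pub:m:2048:1:000000000000000D:1397000000::::::scESC:
pub:e:2048:1:000000000000000E:1397000000:1398000000:::::scESC:
pub:r:2048:1:000000000000000F:1397000000::::::scESC:
"""

def parse_validity(listing):
    """Map key ID -> validity code from the pub: records of a colon listing."""
    keys = {}
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            keys[fields[4]] = fields[1]
    return keys

def usable(code, trust_model="pgp"):
    """Return (offer_key, reason) for one validity code.  Policy assumed by
    this example: revoked/expired/disabled/invalid keys are never usable;
    the default model accepts only 'f' and 'u'; with --trust-model always
    every other code ('n', '-', 'q', 'm') is accepted as well."""
    if code in UNUSABLE:
        return False, UNUSABLE[code]
    if trust_model == "always":
        return True, "trust-model always"
    if code in ("f", "u"):
        return True, "valid"
    return False, "validity " + code

def rank_keys(keys):
    """Key IDs from least to most trusted in the mail's proposed order;
    keys in an unusable state are left out."""
    ranked = [k for k, c in keys.items() if c in RANK]
    return sorted(ranked, key=lambda k: (RANK[keys[k]], k))
```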
