Local-signing without (offline) private master key

André Colomb andre at colomb.de
Thu Sep 15 09:17:22 CEST 2016

Damien Goutte-Gattat <dgouttegattat at incenp.org> wrote on 2016-09-12
14:16 (UTC+0200)
> If you're already using GnuPG >= 2.1.10 (with support for the TOFU
> model), I would argue this is your best option.

This sounds reasonable. I'm on Ubuntu 16.04, GnuPG 2.1.11, so the TOFU
stuff seems to work fine.

It seems hard to discover the current TOFU ratings for individual keys.
The man page only says "see: [trust-model-tofu]" in some places, and
there is no option to show the trust status except for the classic WoT
checking. Looking at the SQLite database at least gives some indication,
but is not easy data to interpret.

Did I miss some option here, or are any such additions planned?

From: André Colomb <andre at colomb.de>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160915/15c2b665/attachment.sig>

More information about the Gnupg-users mailing list