Expanding web-of-trust with subkey

Peter Lebbing peter at digitalbrains.com
Wed Feb 15 13:34:39 CET 2017

On 15/02/17 04:02, Didrik Nordström wrote:
> I wanted to send an email to a new contact (a bug report to a software
> project) so I added the public key and assigned it "Fully trusted" (4).

In addition to Kristian's answer, let me clarify:

"Ownertrust" is your assessment of how much you want to trust
certifications *done* by this person. So if this person A signed the key
of a person B, it determines whether this makes key B valid for you. It
does not relate to the validity of the key of person A!

I've written a bit about ownertrust for the keysigning party we held
last December:


In particular, the first section is relevant.

> Does this have to do with me not having signed the key? If I assigned it
> "Ultimate trust" (5) the warning disappeared.

"Ultimate trust" is the odd one out and is generally only used for your
own keys. This makes the key valid even without a signature.

> So.. Do I need access to my master key in order to expand my web of
> trust? This seems like quite a restriction.

You could also perhaps take a look at TOFU rather than the Web of Trust.
You do need GnuPG 2.1 for that.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170215/af68dd37/attachment.sig>

More information about the Gnupg-users mailing list