Trust signature domain

David Shaw dshaw at
Wed Jan 18 04:03:02 CET 2017

On Jan 16, 2017, at 11:52 AM, John Lane <gnupg at> wrote:
> I'm trying to experiment with trust signatures but I can't work out how
> the 'domain' question is used ?
> I think I understand what it is for, but I can't enter a value and get
> it to work.
> I have a key A that has signed B at and C at
> If I tsign A at level 2 with the domain blank then B and C are fully valid.
> If I tsign A at level 2 with a domain of then neither are
> valid. I expected B to be valid.
>> From what I've read, I think this value might be a regular expression
> and need to be entered in a certain way.

The value is a regular expression internally, but you don't need to enter it as one.   GnuPG automatically takes what you enter into the domain field and converts it to a regexp.  For example:



Can you post the actual user IDs of the keys you are testing with (or a similar set) so I can try them as well?


More information about the Gnupg-users mailing list