Trust signature domain

John Lane gnupg at
Wed Jan 18 17:34:13 CET 2017

On 18/01/17 15:39, Damien Goutte-Gattat wrote:

> I believe there's a bug in the handling of the regular expression
> associated with a trust signature. I've just submitted a patch to fix it
> [1]. With that patch applied, I get the expected result for step 10
> (Blake's key is fully valid, not the others') and step 14 (Blake's key
> is fully valid, and so are Chloe's and David's keys).

thanks for that. I thought I was going mad!
I will look out for an update that contains your patch...

> For step 16, none of the keys are valid, but I think that's the expected
> behavior: you signed Introducer with a level 2 trust signature
> restricted to, so the signature of Blake's key (which as an
> UID) is rightly ignored. Blake's key is thus of unknown
> validity and his signatures on Chloe's and David's keys are ignored as
> well.

I agree, I added that test because I wondered if I had misunderstood how
it ought to work.

> (Side note: you can use the '%transient-key' directive when
> batch-generating keys for testing purposes. This instructs GnuPG to use
> a less secure but faster random number generator, thus speeding up the
> generation process.)

I don't know how I missed that... right below %no-protection which I did
use :)

much appreciated your fast response to my query.

More information about the Gnupg-users mailing list