Question about signing keys and trust.

Jamie H. geniegate at
Wed Mar 15 22:14:37 CET 2017


It's been a few years since I've messed with gpg, but I have an application that needs something kind of like distributed groups.

Let's say I have: "key group" (which is owned by who-cares, it's a public key only that represents a group of people)

I have a person, let's say William Smith, who has his key signed by who-cares.

William Smith then signs Betty Boop with his key.

So William Smith and Betty Boop are sort of like members of "key group" because Betty Boop has a signature by someone who has their key signed by the key group, and if Betty Boop signs someone, up to n-depth, then those people become members of "key group". No one has authority to add or remove people, except other members of the same group.

... fast forward ..

In the application, let's say it's a spam fighting tool, a Betty Boop marks a message as spam.

I trust members of "key group" to mark spam, but I don't trust them with everything, just marking spam, so the spam message is deleted.

Popeye, who is a member of "alien group" marks something as spam too, but since Popeye doesn't have a key signed by someone in "key group", I do not trust him to flag messages as spam, so I just ignore it.

Basically, I'm trying to implement something akin to a distributed group system where members of a group can (to a configurable point) include others and I had thought perhaps I could coax GPG into doing this, since I'll also need to do a lot of other stuff with GPG, it just makes sense to try and use the key system for it if I can.

Problem is I can't see how! Is there a way I can look at someone's public key and (without importing anything into my personal key files) list in a kind of chain fashion how many other signers there were? In the above, I'll have access to the public keys of Betty Boop, Popeye, William Smith and "key group".

I admit, GPG probably wasn't designed for this, and I don't really get the whole trust level thing.. and if it's impossible or impractical I'll find another way, but it would be convenient.

Any pointers on where I should look? 

Much appreciated!
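
The membership rule described in the post above, as an added example that is not part of the original message and is not GnuPG code: a depth-limited search over a certification graph. It assumes every signature in the map has already been cryptographically verified elsewhere; the map, the function names and "Olive Oyl" are constructed for illustration.

```python
from collections import deque

# Constructed sample data: signer -> keys that signer has certified.
# Assumption: each edge was verified cryptographically (for example
# with GnuPG) before being placed in this map.
CERTIFICATIONS = {
    "key group": {"William Smith"},
    "William Smith": {"Betty Boop"},
    "Betty Boop": {"Olive Oyl"},
    "alien group": {"Popeye"},
}


def chain_to_group(certs, group_key, member_key, max_depth):
    """Return the shortest signature chain from group_key to member_key,
    or None if no chain of at most max_depth certifications exists."""
    queue = deque([[group_key]])
    seen = {group_key}
    while queue:
        path = queue.popleft()
        if path[-1] == member_key and len(path) > 1:
            return path
        # len(path) - 1 is the number of certifications used so far.
        if len(path) - 1 >= max_depth:
            continue
        for signed in sorted(certs.get(path[-1], ())):
            if signed not in seen:  # also guards against signing loops
                seen.add(signed)
                queue.append(path + [signed])
    return None


def may_flag_spam(certs, group_key, reporter, max_depth):
    """Scoped decision: group membership grants only the right to
    mark spam, nothing else."""
    return chain_to_group(certs, group_key, reporter, max_depth) is not None


if __name__ == "__main__":
    for who in ("Betty Boop", "Popeye", "Olive Oyl"):
        chain = chain_to_group(CERTIFICATIONS, "key group", who, 2)
        print(who, "->", " > ".join(chain) if chain else "not a member")
```
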

