On 2011-12-29 03:45, John A. Wallace wrote:
> I have a couple of questions about this idea. First, why would you not have
> assigned ultimate trust to the public key ID 0x215236DA when you created it
> and had your secret key available to do so? I mean, why the delay; what
> value to you is your key without having it so trusted? (What point about
> trust am I not factoring in here?)

I created the key on another computer, so the secret key was never on this machine in the first place.

> Secondly, you said, " So my gpg.conf says
> 'trusted-key 215236DA'." Were you shortening it for sake of brevity, as
> that is not an 8 byte long key ID?

Yeah, another 8 characters would have made the line wrap around. :)

> Finally, (and this part may very well
> relate to my lack of fully understanding the trust procedures) would I be
> specifying an ID in "--trusted-key long key ID" for a key that is one of
> mine? If so, why would I need one of "my" keys, as the definition states, in
> order "...to check the validity of a given recipient's or signator's key"?
> I know I must be missing some critical point ----> woosh! Thanks.

Yes, just like in my example, you would usually specify the ID of one of your own keys.

So say I've certified your key with my 215236DA. That key is not on this machine, but I'd like my gnupg to consider your email signatures valid. What I'm telling gnupg is that 215236DA is my own key, so any other key that is certified by 215236DA must be valid (presumably because I personally checked this before certifying).

trusted-key is really there for the above scenario -- it is my key, but it isn't on this computer, so gnupg can't know unless I tell it. There's basically not much more to it.*

* Now, that's a meaningful sentence right there. "Ignoring anything else there is to it, there's not much more to it."

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
nameserver 217.79.186.148
nameserver 178.63.26.172
http://opennicproject.org/
--
No situation is so dire that panic cannot make it worse.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
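
Added example, not part of the original message: a shell sketch that reproduces the scenario from the reply with two throwaway keyrings, showing how a certified key's validity changes once the certifying key is named with trusted-key. It assumes GnuPG 2.1 or later; the keyring names `a` and `b`, the example.org user IDs and every key are constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration; all keys are throwaway ones generated in temp keyrings.

# Print the validity letter gpg assigns to key $2 inside keyring $1.
# Any further arguments are passed to gpg as options.
validity_of() {
    home=$1; target=$2; shift 2
    gpg --homedir "$home" --batch --quiet "$@" --check-trustdb 2>/dev/null
    gpg --homedir "$home" --batch "$@" --with-colons --list-keys "$target" \
        2>/dev/null | awk -F: '$1 == "pub" { print $2; exit }'
}

# Print the 40-digit fingerprint of the first key matching $2 in keyring $1.
fingerprint_of() {
    gpg --homedir "$1" --batch --with-colons --list-keys "$2" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

demo_trusted_key() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not found" >&2; return 2; }
    work=$(mktemp -d) || return 1
    a="$work/a"; b="$work/b"    # a: holds the secret key, b: "this machine"
    mkdir -m 700 "$a" "$b"
    for uid in 'Mine <mine@example.org>' 'Friend <friend@example.org>'; do
        gpg --homedir "$a" --batch --quiet --passphrase '' \
            --quick-generate-key "$uid" ed25519 cert never 2>/dev/null
    done
    mine=$(fingerprint_of "$a" mine@example.org)
    friend=$(fingerprint_of "$a" friend@example.org)
    # Certify the friend's key on the machine that has the secret key.
    gpg --homedir "$a" --batch --yes --quiet --default-key "$mine" \
        --quick-sign-key "$friend" 2>/dev/null
    # Only public keys (carrying the certification) reach keyring b.
    gpg --homedir "$a" --batch --export |
        gpg --homedir "$b" --batch --quiet --import 2>/dev/null
    long_id=$(printf %s "$mine" | cut -c25-40)   # last 16 hex digits
    BEFORE=$(validity_of "$b" "$friend")
    AFTER=$(validity_of "$b" "$friend" --trusted-key "$long_id")
    gpgconf --homedir "$a" --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    [ -n "$AFTER" ]
}

demo_trusted_key && echo "friend validity: before=$BEFORE after=$AFTER"
```

Passing `--trusted-key` on the command line has the same effect as a `trusted-key` line in gpg.conf; an `f` in the second field means the key is fully valid.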