Hi!

> Do I have to sign it? Is there no way to configure gpg locally to
> say "the info in this key (fingerprint) is accurate", without having
> to sign?

You have to sign it; that's how it works :).

> Is the semantics of signing with lsign or sign "the info in this key
> is accurate"?

Yes. "The info" is contained in a UID, and you separately sign any UIDs you've verified. A signature done with lsign will not be exported to others (unless you force GnuPG to do so), so you use it if you want the fact that you verified it to only be known to yourself. A regular "sign" command marks it exportable.

> Is this separate from the "trust" thing, which is for trusting this
> key to certify others?

Yes, exactly. I can see you've read documentation! People always get confused by ownertrust and validity; you've got it right in one go. Since "trust" is such a broad concept, I always try to refer to it as "ownertrust", to narrow it down to the specifics.

> When I had first signed an imported key, it
> showed "trust: unknown". But when I did "trust", then "1 = I don't
> know or won't say", it showed "trust: undefined". What is the
> difference between these two values?

It makes no difference with regard to validity calculations. It's just for your own information. The former would imply you still need to assess the trust, where the latter means you assessed it and still don't know, or won't say. There's a command to set the trust for all keys for which it hasn't been set yet; this command would skip "undefined" but ask you about "unknown".

> Am I right in thinking it's the "validity" field which is affected by
> "sign"?

Yes.

> Why is this not updated at all until the program is restarted?

My guess is that it's because it's quite an intensive calculation, and you don't want to have that slowing down your interaction with the program in this run. Any change of trust or validity requires re-calculating all validity values for keys, since a newly valid, trusted key may in turn make other keys valid, which in turn...

Obviously, it would be possible to recalculate only the affected part, but that's not how it's implemented: it will recalculate everything.

> Keeping the model of one having to save one's changes, couldn't the
> program display "validity: unknown (unsaved: full)" or somesuch, thus
> showing the user what change has been performed by their action?

It would technically be possible. But I don't think it would be high on a TODO list :).

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
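The lsign/sign export behaviour Peter describes, as an added example that is not from his message or from the GnuPG project: the script below builds a throwaway keyring, has one key certify another with lsign and a second key with sign, and counts which certifications survive a normal export and an export forced with export-local-sigs. It assumes gpg 2.1 or later on PATH; Alice, Bob, Carol and the example.invalid addresses are constructed identities.

```shell
#!/bin/sh
# Added example (not Peter's code and not part of GnuPG): an lsign
# certification is left out of a normal export, a sign certification is
# included, and export-local-sigs forces the local one out as well.
# Alice, Bob and Carol are constructed throwaway identities.
set -eu
command -v gpg >/dev/null 2>&1 || { echo "gpg not found" >&2; exit 1; }

# Throwaway keyring so nothing here touches your real ~/.gnupg.
GNUPGHOME=$(mktemp -d); export GNUPGHOME
chmod 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT

# Generate an unprotected ed25519 key for a user ID, non-interactively.
gen_key() {
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-gen-key "$1" ed25519 default never
}

# Fingerprint of the first key matching a user ID, and its long key ID.
fpr_of() { gpg --batch --with-colons --list-keys "$1" | awk -F: '$1=="fpr"{print $10; exit}'; }
kid_of() { fpr_of "$1" | awk '{print substr($0, length($0)-15)}'; }

# Count signature packets issued by key ID $2 in an export of key $1.
# $3 is the --export-options value; the default is GnuPG's normal behaviour.
exported_sigs_by() {
  gpg --batch --quiet --export-options "${3:-no-export-local-sigs}" --export "$1" \
    | gpg --batch --quiet --list-packets 2>/dev/null \
    | grep -c "^:signature packet: .*keyid $2" || true
}

gen_key "Alice Example <alice@example.invalid>"
gen_key "Bob Example <bob@example.invalid>"
gen_key "Carol Example <carol@example.invalid>"
BOB_FPR=$(fpr_of bob@example.invalid)
ALICE_KID=$(kid_of alice@example.invalid)
CAROL_KID=$(kid_of carol@example.invalid)

# Alice certifies Bob's UID with lsign; Carol uses the exportable sign.
gpg --batch --yes --quiet -u alice@example.invalid --quick-lsign-key "$BOB_FPR"
gpg --batch --yes --quiet -u carol@example.invalid --quick-sign-key "$BOB_FPR"

echo "Alice (lsign) sigs in plain export:         $(exported_sigs_by "$BOB_FPR" "$ALICE_KID")"
echo "Carol (sign) sigs in plain export:          $(exported_sigs_by "$BOB_FPR" "$CAROL_KID")"
echo "Alice (lsign) sigs with export-local-sigs:  $(exported_sigs_by "$BOB_FPR" "$ALICE_KID" export-local-sigs)"
```

The first count is 0 and the other two are 1, which is the whole difference between lsign and sign on the wire; ownertrust is never touched here, since it lives only in your local trustdb.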