On Friday, 14 June 2024 03:16:42 CEST Eason Lu via Gnupg-users wrote:
> Thank you Francesco that does help,
> I did not realize that by signing the public key, it is also marked as
> trusted, thanks

"trusted" is an ambiguous word in OpenPGP, i.e. it's used for different things.

By signing a public key (or, more precisely, one or more user IDs of the public key) you certify that this public key is controlled by the person(s) referenced in the user ID(s) that you signed. "certified" would be a better alternative for "trusted" in this case. You can create "local" non-exportable certifications for your own use (by using --lsign-key) and exportable certifications for sharing them with others (--sign-key).

By setting the owner trust of a public key (let's call it "T") to "full trust" you tell gpg that you trust that the owner of this public key does a good job when they certify other public keys. If you additionally certify the public key "T" then your gpg will consider other public keys that are certified with "T" as "certified". This is (part of) how the web-of-trust works. Owner trust is never exported with a public key, i.e. it's only used for yourself.

When you generate a new key then its owner trust is automatically set to "ultimate". Public keys with "ultimate" owner trust are considered as "certified" by gpg without further certifications. You should only use "ultimate" owner trust for your own keys.

Regards,
Ingo
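
The interaction between certification and owner trust described in the message above, as a small added model (not part of the original message and not GnuPG's code). It goes slightly beyond the message by also counting "marginal" owner trust. Assumptions: the key names are constructed, the thresholds mirror GnuPG's defaults for --completes-needed and --marginals-needed, and certification depth limits and expiry are ignored.

```python
# Simplified model of the validity rule described above; not GnuPG's code.
# Assumptions: GnuPG's default thresholds (--completes-needed 1,
# --marginals-needed 3); certification depth limits and expiry are ignored.
ULTIMATE, FULL, MARGINAL, UNKNOWN = "ultimate", "full", "marginal", "unknown"

def valid_keys(owner_trust, certs, completes_needed=1, marginals_needed=3):
    """Return the set of keys the local keyring would treat as certified.

    owner_trust: key -> owner trust level (local only, never exported)
    certs: set of (signer, signed) pairs, one per certification
    """
    # Keys with ultimate owner trust (your own) are valid with no certification.
    valid = {k for k, t in owner_trust.items() if t == ULTIMATE}
    changed = True
    while changed:
        changed = False
        targets = {signed for _, signed in certs} - valid
        for key in sorted(targets):
            # Only certifications made by keys that are themselves valid count.
            signers = [s for s, d in certs if d == key and s in valid]
            full = sum(owner_trust.get(s, UNKNOWN) in (ULTIMATE, FULL) for s in signers)
            marginal = sum(owner_trust.get(s, UNKNOWN) == MARGINAL for s in signers)
            if full >= completes_needed or marginal >= marginals_needed:
                valid.add(key)
                changed = True
    return valid

# Constructed sample: "me" is the local key, "T" is the key from the message,
# "alice" is a key that T has certified.
TRUST = {"me": ULTIMATE, "T": FULL}
T_CERTIFIES_ALICE = {("T", "alice")}

def demo():
    # Owner trust on T alone: T is not certified by me, so its certifications are ignored.
    trust_only = valid_keys(TRUST, T_CERTIFIES_ALICE)
    # Certifying T as well (--lsign-key or --sign-key) makes T valid, then alice.
    trust_and_cert = valid_keys(TRUST, T_CERTIFIES_ALICE | {("me", "T")})
    # Certifying T without owner trust: T is valid, but does not vouch for alice.
    cert_only = valid_keys({"me": ULTIMATE}, T_CERTIFIES_ALICE | {("me", "T")})
    return trust_only, trust_and_cert, cert_only

if __name__ == "__main__":
    for label, result in zip(("owner trust only", "owner trust + certification",
                              "certification only"), demo()):
        print(f"{label}: {sorted(result)}")
```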