Hello Newsgroup, or shall I say "breaker 1-9" as Usenet seems to be
about as active as CB radio is these days...
I'm trying to wrap my head around the trust levels.
But it's just a text file of fingerprint and my trust levels. Anyone
could create a text file like that and feed it into gpg with new
trust levels. It's not signed, I can't say "import these levels,
but only accept them if they came from someone I trust"
What am I missing?
Thanks to any ghosts of usenet past for answering. :-)
Hello Newsgroup, or shall I say "breaker 1-9" as Usenet seems to be
about as active as CB radio is these days...
I'm trying to wrap my head around the trust levels.
I get the idea that I can sign someones key which will let people know
that key is more trustworthy, assuming they trust my key.
What I don't understand, and I'm hoping you can help me, is how to
export and import that trust. All the guides I've seen talk about
keyservers, but suppose I don't have access to the keyserver?
Something like:
$ gpg --sign-key [keyid]
$ gpg --export-trustdb-or-something [keyid] >file.cert
Where "file.cert" would, presumably have my key along with the the key I signed that could then be imported by other people.
There's this: --export-ownertrust
But it's just a text file of fingerprint and my trust levels. Anyone
could create a text file like that and feed it into gpg with new trust levels. It's not signed, I can't say "import these levels, but only
accept them if they came from someone I trust"
What am I missing?
Thanks to any ghosts of usenet past for answering. :-)
I'm trying to wrap my head around the trust levels.
I get the idea that I can sign someones key which will let people know
that key is more trustworthy, assuming they trust my key.
What I don't understand, and I'm hoping you can help me, is how to
export and import that trust.
Something like:
$ gpg --sign-key [keyid]
$ gpg --export-trustdb-or-something [keyid] >file.cert
Where "file.cert" would, presumably have my key along with the the key I >signed that could then be imported by other people.
What am I missing?
Hello Newsgroup, or shall I say "breaker 1-9" as Usenet seems to be
about as active as CB radio is these days...
I'm trying to wrap my head around the trust levels.
On Wed, 02 Mar 2022 01:06:37 -0500, <joe@raspberry.invalid> wrote:
Hello Newsgroup, or shall I say "breaker 1-9" as Usenet seems to be
about as active as CB radio is these days...
:-)
I'm trying to wrap my head around the trust levels.
Others have answered the specific question. Just wanted to point out there is https://www.gnupg.org/faq/gnupg-faq.html that has a lot of info too.
David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
On Wed, 02 Mar 2022 01:06:37 -0500, <joe@raspberry.invalid> wrote:
Hello Newsgroup, or shall I say "breaker 1-9" as Usenet seems to be
about as active as CB radio is these days...
:-)
I'm trying to wrap my head around the trust levels.
Others have answered the specific question. Just wanted to point out there is
https://www.gnupg.org/faq/gnupg-faq.html that has a lot of info too.
I am really impressed anyone answered at all!
I do have the gpg info files installed, there's a zillion pages out
there filled with information about PGP, but not much about how the web
of trust works, or at least, none that I found (perhaps because it was
buried under the 500,000 pages offering helpful advice on how to setup
PGP)
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 300 |
Nodes: | 16 (2 / 14) |
Uptime: | 52:25:46 |
Calls: | 6,712 |
Calls today: | 5 |
Files: | 12,243 |
Messages: | 5,355,177 |
Posted today: | 1 |