On Thu 2017-08-17 22:39:21 -0300, Duane Whitty wrote: > Sounds like a good approach but for someone who has more public keys > stored than me. I only exchange encrypted email with a very, very > small group of people and I am in regular voice communication with > them.
If you're going to manage a keyring manually, this is the right way to do it, regardless of how many OpenPGP certificates you have in your keyring. (it's actually easier to do when you only have a few) > I guess using that approach I could import public keys from users on > this list and then assign them various levels of trust, right down to > no trust and not locally signed at all. Note that nothing i outlined in my earlier suggestions involved you setting "trust levels" (a.k.a. "ownertrust") at all. setting "full trust" on a key means "i'm willing to accept identity assertions made by the owner of this key" -- it's equivalent to "adding a root CA to your browser" in some sense. You can use GnuPG for years without ever setting any sort of ownertrust on any key but your own (and if you generated your key in gpg, it probably already has ultimate ownertrust). Start with "whose keys do i believe i've checked?" -- that's plain keysigning. then, only later, if you really want to get into the whole web-of-trust thing, should you consider setting ownertrust. > I suppose I chose to use apt or apt-get because it seems like a more > convenient way to update things as opposed to getting it straight from > Oracle. well said :) > What I mean is that I have 2 email addresses which each have a > different private key. The key for du...@nofroth.com has is > associated with private counterpart to the key you fetched. I have > another email address with a different private key associated to it. i see, so you're talking about signing with a different key (not a different uid). You might want to look into adding the --default-key or --local-user options before you do your next --edit-key operation. All the best, --dkg
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users