On Mon 2025-10-13 10:51:40 +0100, Daniel Cerqueira wrote: > Werner Koch <[email protected]> writes: >> On Fri, 10 Oct 2025 23:51, Daniel Cerqueira said: >> >>> I am studying GnuPG, and I would like to know what are the effects of >>> using '--default-cert-level', besides it adding a number information in >>> the output of '--check-sigs' ? Are there some (other) effects? >> >> Key signatures have different classes: 0x10 to 0x13 which correspond >> with the cert levels. If you create a self-signature (e.g. new >> user-id) level 3 is used. In all other cases level 0 is used by >> default or whatever youset with --default-cert-level. >> >> When evaluating the validity of a key (building the trustdb) by default >> only key signatures of level 0, 2, and 3 are considered. This can be >> changed with --min-cert-level. > > Thank you for the reply. I guess that information is enough.
Some of the regular readers of this list (including myself) think that the cert-level features in gpg (and the certification levels in the underlying standard, OpenPGP) are misfeatures. Leaving things as the default is the most reasonable way to go: https://dkg.fifthhorseman.net/blog/gpg-ask-cert-level-considered-harmful.html Regards, --dkg
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-users
