Hello,
For some key in my keyring that GnuPG considers valid due to the web of
trust I would like to understand why it does so. I can list all the
signatures with --list-sigs, but is there any way (short to writing a
script myself) to mark those signatures that are actually considered
trusted?
T
Hi,
Is it possible with gpgsm to trust a specific sender while not
trusting the CA? I tried putting the key’s fingerprint into
trustlist.txt, but this doesn’t seem to work for individual keys.
Christoph
___
Gnupg-users mailing list
Gnupg-users@gnu
Hello,
Through an article [1] in LWN, I stumbled across a thread [2] on this
list that dealt with the usefulness of smartcards for storing
OpenPGP keys.
I understand that OpenPGP smartcards do not protect from a compromise
of the computer system that they are used with. As Peter Lebbing puts
it
Robert J. Hansen wrote:
> On 2020-01-06 18:26, Christoph Groth wrote:
> >
> > But then he also mentions his 128-bit passphrase and that he would
> > be OK to publish his (passphrase-protected) private key in
> > a newspaper. Why then not store it on the disks of multi
Wiktor Kwapisiewicz wrote:
> There is one feature of smartcards that's hard to reproduce otherwise:
> once you pull the smartcard out of the port the attacker can't use it.
>
> (...)
Thanks, that’s a good point! So if one’s concern is signing or
authentication, this is indeed useful. However,
