Mailing List Archive

Trust depths (tsign)
Hi all.

As we all know, with tsign, you can set a trust depth and a trust
domain.

I did not find any way to change these options afterwards. Is this
intended?

Bernhard Reiter suggested I should ask this question on the developers
list.

I know, one can delete the key, reimport it and set a new trust level,
but this seems not to be the best way, IMHO.

Regards,
Dirk

--
Dirk Gottschalk
Ardennenstrasse 25
52076 Aachen, Germany

GPG: 4278 1FCA 035A 9A63 4166 CE11 7544 0AD9 4996 F380
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac
Re: Trust depths (tsign)
Hi,

On Wed, May 08, 2019 at 03:23:08PM +0200, Dirk Gottschalk via Gnupg-devel wrote:
>As we all know, with tsign, you can set a trust depth and a trust
>domain.
>
>I did not find any way to change these options afterwards. Is this
>intended?

Yes. A trust signature (tsign) is first and foremost, well, a signature.
You cannot change it after it has been emitted.


>I know, one can delete the key, reimport it and set a new trust level,
>but this seems not to be the best way, IMHO.

If the trust signature is only present on your own keyring (meaning that
after signing the key you have not sent it back to its owner, or
uploaded to a keyserver, or published it in any way), then you can
simply delete the trust signature (`delsig` command in gpg's key
editor).

Otherwise, if the signature is already out, then there's no point in
removing it from your keyring (any later refresh from a keyserver would
import the signature back). What you can do instead is to *revoke* the
first signature and then emit a new trust signature.

Hope that helps,

- Damien