GPG key signing

Question

GnuPG was warning me each time I use someone's key:

There is no assurance this key belongs to the named user
Use this key anyway? (y/N)

To get rid of this warning I signed his key:

gpg --sign-key [email]

Then the first time I used GPG I got this message:

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   1  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   1  signed:   0  trust: 1-, 0q, 0n, 0m, 0f, 0u

But after the first usage no longer this message. What is the meaning of this message? Which "trustdb" is it checking? Something on the internet or what?

mricon · Answer 1 · 2022-05-26T17:34:17.923

1

Every time you sign someone's key, your local trust db must be rebuilt to include the latest changes. GnuPG will often recognize cases where the trustdb needs updating, so it will often rebuild it automatically, giving the output you saw above. Only your local trust db is built during this process.

You can trigger a rebuild manually by running gpg --update-trustdb.

edited May 26 '22 at 17:34

answered Sep 30 '15 at 20:43

mricon

6,238
22
27

@KarlMorrison fixed, thanks – mricon May 26 '22 at 17:34

GPG key signing

1 Answers1