19

When you trust a GnuPG key, you can choose one of these five options (and I'm assuming the same options exist in other OpenPGP tools):

1 = I don't know or won't say (undefined)
2 = I do NOT trust (never)
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately

If you look at the options as "variables" used for "calculating" validity, never, marginal, and full are all clear. However, if so, I'm not sure how ultimate fits into the picture during the calculations.

What is the difference between the last two in the list?

IQAndreas
  • 6,557
  • 8
  • 32
  • 51

2 Answers2

21

Ultimate trust means that the key is allowed as introducer in the web of trust. This means, if a key is ultimately trusted, all certified keys are considered valid, no matter if there is a trust path to the ultimately trusted key. This does not require you to posses the private keys, but you usually will do.

Full trust (by default, this can be adjusted) also makes keys certified by the fully trusted key considered trusted, if and only if the fully trusted key is valid itself (thus, there is a certification path from an ultimately trusted key).

Marginal trust works similar to full trust, but requires multiple incoming certifications from other marginally valid keys.

Jens Erat
  • 23,446
  • 12
  • 72
  • 96
-3

Ultimate means you have the private key. In terms of calculating the web of trust relationships, full and ultimate have the same weight.

mricon
  • 6,238
  • 22
  • 27