
Set trust level for an OpenPGP key

Unlike X.509 PKI environments, the OpenPGP ecosystem does not employ the concept of implicit trust, i.e. trust established by following a chain of certified keys up to some publicly distributed root key. Instead, it uses explicit trust, where every OpenPGP user individually assigns a trust indicator to each public key. Each participant makes their own decision whether to trust a particular key, so keys trusted by one user might not be trusted by another. The trust flags are therefore kept in the user's local public keyring together with the public keys they have, and are normally not included when a public key is exported.

Trust flags for a particular key, user ID or signature object are controlled via the object's Trust property. The property, which is of the TElPGPTrust type, lets you adjust trust flags flexibly in accordance with your specific requirements.

However, in most cases an easier method can be used. The TElPGPPublicKey.KeyTrust property allows you to assign the key a 'typical' trust flag, one of ktUndefined, ktNone, ktMarginal, ktTrusted and ktImplicit. The setter of the KeyTrust property automatically adjusts the Trust objects of all related key elements (key, subkeys, user IDs and signatures) in accordance with the provided trust flag, so you do not need to adjust them manually.

Remember that you need to re-save your public keyring after modifying a key's trust flags.
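The procedure above as a Delphi sketch, added here as an illustration and not taken from the SecureBlackbox documentation. It goes one step beyond the text by setting KeyTrust only on the key whose fingerprint matches a value you obtained out of band. Assumptions: the TElPGPKeyring members Load, Save, PublicCount and PublicKeys, the KeyFP property, the KeyFP2Str helper and the unit names are written as recalled from the library's VCL edition and should be checked against your version; the file names and fingerprint are placeholders.

```delphi
program SetKeyTrust;
{$APPTYPE CONSOLE}

uses
  SysUtils, SBPGPKeys, SBPGPUtils, SBPGPConstants; // unit names are assumptions

// Upper-case a fingerprint string and drop spaces and colons so that
// differently formatted representations compare equal.
function NormalizeFP(const S: string): string;
begin
  Result := UpperCase(StringReplace(S, ' ', '', [rfReplaceAll]));
  Result := StringReplace(Result, ':', '', [rfReplaceAll]);
end;

// Marks the key whose fingerprint equals ExpectedFP as trusted and re-saves
// the keyring. Returns False, leaving the files untouched, if no key matches.
function TrustVerifiedKey(const PubFile, SecFile, ExpectedFP: string): Boolean;
var
  Keyring: TElPGPKeyring;
  I: Integer;
begin
  Result := False;
  Keyring := TElPGPKeyring.Create(nil);
  try
    Keyring.Load(PubFile, SecFile, True); // assumed: (public, secret, clear)
    for I := 0 to Keyring.PublicCount - 1 do
      if NormalizeFP(KeyFP2Str(Keyring.PublicKeys[I].KeyFP)) =
         NormalizeFP(ExpectedFP) then
      begin
        // The setter propagates the flag to subkeys, user IDs and signatures.
        Keyring.PublicKeys[I].KeyTrust := ktTrusted;
        Result := True;
        Break;
      end;
    // Trust flags live only in the local keyring, so persist the change.
    if Result then
      Keyring.Save(PubFile, SecFile, False); // assumed: (public, secret, armor)
  finally
    Keyring.Free;
  end;
end;

begin
  // Placeholder file names and fingerprint; substitute your own values.
  if TrustVerifiedKey('pubring.pkr', 'secring.skr', '<FINGERPRINT-PLACEHOLDER>') then
    WriteLn('Key marked as trusted and keyring saved.')
  else
    WriteLn('No key with that fingerprint; keyring left unchanged.');
end.
```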
