1 [[meta title="PGP Trust Models"]]
3 You can see your trust database parameters like this:
5 gpg --with-colons --list-key bogusgarbagehere 2>/dev/null | head -n1
7 for me, it looks like this:
9 tru::1:1220401097:1220465006:3:1:5
11 These colon-delimited records say (in order):
13 * `tru`: this is a trust database record
14 * `<empty>`: the trust database is not stale (might be 'o' for old, or 't' for "built with different trust model and not yet updated")
15 * `1`: uses new "PGP" trust model: this is just the old trust model plus trust signatures. I'll go into trust signatures later.
16 * `1220401097`: seconds since the epoch that i created the trust db.
17 * `1220465006`: seconds after the epoch that the trustdb will need to be rechecked (usually due to the closest pending expiration, etc)
18 * `3`: Either 3 certifications from keys with marginal ownertrust are needed for full User ID+Key validity
19 * `1`: Or 1 certification from a key with full ownertrust is needed for full User ID+Key validity
20 * `5`: `max_cert_depth` (not sure exactly how this is used, though the name is certainly suggestive)