I always misplace this information, so I’m saving it here for (hopefully) easier access next time.

By default, gpg will sign keys without specifying a certification level (i.e. it will set it to 0, which means unspecified). If you want to change this behavior, you can add ask-cert-level in the configuration file (gpg.conf, I don’t know where it’s hidden in Windows…), or more simply launch gpg with the --ask-cert-level parameter. Note that this must be specified before the --edit-key parameter, like:

gpg --ask-cert-level --edit-key [keyID]

Then simply type sign, and before signing gpg will first ask you for the signature level that you want to use. As a reminder:
- 0 = unspecified
- 1 = no verification – I use this one only locally, when I haven’t seen any ID but need the key to be signed for convenience
- 2 = casual verification – I use this one when I’ve checked some official ID but don’t know the person otherwise
- 3 = extensive verification – I only use this one when I’ve checked some official ID and personally know the person to some extent
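
To check which level was actually recorded on existing signatures, here is an added example (not part of the original post) that reads gpg's colon-delimited listing and prints the level of each third-party certification. It assumes GnuPG's documented colon format, where field 5 is the signer's key ID and field 11 is the signature class (10 to 13 for levels 0 to 3, followed by x for exportable or l for local); the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# List the certification level of each third-party signature found in
# `gpg --with-colons --check-sigs` output read from stdin.
cert_levels() {
  awk -F: '
    $1 == "pub" { owner = $5 }                 # key being inspected
    $1 == "sig" && $5 != owner {               # skip self-signatures
      class = substr($11, 1, 2)                # e.g. "12" from "12x"
      if (class !~ /^1[0-3]$/) next            # not a key certification
      scope = (substr($11, 3, 1) == "l") ? "local" : "exportable"
      printf "%s level=%s %s\n", $5, substr(class, 2, 1), scope
    }'
}

# Constructed sample input (not from a real keyring).
sample_sigs() {
  cat <<'EOF'
pub:f:255:22:1111111111111111:1700000000:::-:::scESC::::::23::0:
uid:f::::1700000000::0000::Key Owner <owner@example.org>::::::::::0:
sig:!::22:1111111111111111:1700000000::::Key Owner <owner@example.org>:13x:::::10:
sig:!::22:2222222222222222:1700000100::::Signer A <a@example.org>:10x:::::10:
sig:!::22:3333333333333333:1700000200::::Signer B <b@example.org>:11l:::::10:
sig:!::22:4444444444444444:1700000300::::Signer C <c@example.org>:13x:::::10:
EOF
}

sample_sigs | cert_levels
```

On a real keyring, pipe `gpg --with-colons --check-sigs [keyID]` into `cert_levels` instead of the sample.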