Certification and Certify

I’m trying to understand the differences in Kleopatra between “Change Certification Trust” and Certify for imported public keys. I had thought they are basically the same thing but apparently not.

Thanks

Hi Mark,
with the action “certify” you tell others that you think the public key is good.

With “certification trust” you decide how much you yourself trust certifications
made with the key indicated by the public key.

Does this make sense to you?

Best Regards,
Bernhard

Hi Bernhard,

That is what I was kinda thinking but then when I saw the option box under the Advanced drop down for “Certify for everyone to see” I wasn’t sure I was understanding it correctly. I was wondering if you don’t check that box, is it basically the same as the “certification trust”

As always, thanks again for your help.
Mark

Hi Mark,

this is why it is called advanced. :wink:

See technically if you certify a pubkey, you are adding a signature to it. Because it is a signature you have made with your key, you trust it. (Your own key should have a high “certification trust”, because you trust the owner, because it is you.)

If you publish a public key, by default all signatures on the key will be published along with it. So there are some situations, e.g. for testing where you do not want your certification of the key (the signature on the key) to be public. This is where you can use the advanced option of a certification that is marked as not-to-be-published (sometime also called “local signature” on the key).

Regards,
Bernhard

Hi Bernhard,

I think it is finally clicking in…The “Change Certification Trust Level” is for assigning how much trust you place in that person/company in signing other keys that don’t necessarily belong to them.

The Certify Key is for when I personally check the imported key (fingerprint, etc) and then sign off that I know it came from them.

That Advanced part (with the unchecked box for “Certify for everyone to see” then allows other to see that I signed it (if I check that box). Then if someone trusts me, they can use that in determining how they would trust that key based on what they have in their Certification Trust Level.

Thanks Again for your help,
Mark