What is Ownertrust? Trust-levels explained.

There are various trust-levels you can set for a certain key owner in GPG Keychain. First, let's understand what the trust-level is and what it indicates.

The ownertrust is the trust-level of a certain key. It reflects how thoroughly you think the key owner acts when signing other keys. So let's note that trust-levels are not set for keys but for their owners.

Important: Please understand that adjusting the ownertrust will not affect the validity of the key you are setting it for. It only concerns third-party keys, which may be signed by your friends. Depending on the ownertrust you have set for your friends' keys, their signatures on keys you have in GPG Keychain will have different implications. Below you will find a few examples that make it more obvious what this means in practice.

Ultimate: is only used for your own keys. You trust this key 'per se'. Any message signed with that key will be trusted. This is also the reason why any key from a friend that is signed by you will also show as valid (green), even though you did not change the ownertrust of the signed key. The signed key will be valid due to the ultimate ownertrust of your own key.

Full: is used for keys which you trust to sign other keys. That means that if Alice's key is signed by your buddy Bob, whose key you set the ownertrust to Full, Alice's key will be trusted. You should only use Full ownertrust after verifying and signing Bob's key.

Unknown: is the default state. It means no ownertrust has been set yet. The key is not trusted.

Undefined: has the same meaning as 'Unknown' but differs in that it has actually been set by the user. That could mean that this is a key you want to process at a later point in time.

Never: the trust-level is identical to 'Unknown / Undefined', i.e. the key is not trusted. But in this case, you actively state never to trust the key in question. That means you know that the key owner is not accurately verifying other keys before signing them.

Marginal: will make a key show as valid if it has been signed by at least three keys which you set to the 'Marginal' trust-level. Example: if you set Alice's, Bob's and Peter's keys to 'Marginal' and they all sign Ed's key, Ed's key will be valid. Due to the complexity of this status, we do not recommend using it.
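
The rules above can be worked through with a small model of how ownertrust and signatures combine into validity. This is an added example, not code from GPG Keychain or GnuPG. It is simplified (no expiry, revocation or chain-depth limits), it assumes a signature only counts when the signing key is itself valid, and the names "me", "dave", "mallory", "frank", "grace" and "heidi" are constructed.

```python
# Simplified model of the trust-level rules described above (added example).
MARGINALS_NEEDED = 3  # threshold stated in the 'Marginal' paragraph

def valid_keys(ownertrust, signatures):
    """Return the set of keys that show as valid.

    ownertrust: key -> 'ultimate' | 'full' | 'marginal' | 'never' | 'undefined'
                (a key missing from the dict counts as 'unknown')
    signatures: key -> set of keys that have signed it
    """
    # Your own keys (ultimate) are valid per se.
    valid = {k for k, t in ownertrust.items() if t == "ultimate"}
    changed = True
    while changed:  # repeat until no further key becomes valid
        changed = False
        for key, signers in signatures.items():
            if key in valid:
                continue
            # Assumption: only signatures made by valid keys are counted.
            trust = [ownertrust.get(s, "unknown") for s in signers if s in valid]
            full = sum(t in ("ultimate", "full") for t in trust)
            marginal = sum(t == "marginal" for t in trust)
            if full >= 1 or marginal >= MARGINALS_NEEDED:
                valid.add(key)
                changed = True
    return valid

# Constructed sample keyring. Ownertrust describes the owner as a signer;
# it never changes the validity of that owner's own key.
OWNERTRUST = {"me": "ultimate", "bob": "full", "alice": "marginal",
              "peter": "marginal", "dave": "marginal", "mallory": "never"}
SIGNATURES = {
    "bob": {"me"}, "peter": {"me"}, "dave": {"me"}, "mallory": {"me"},
    "alice": {"bob"},                  # one Full signer: valid
    "ed": {"alice", "peter", "dave"},  # three Marginal signers: valid
    "frank": {"alice", "peter"},       # only two Marginal signers: not valid
    "grace": {"mallory"},              # signer set to Never: not valid
    "heidi": {"ed"},                   # ed is valid, but his ownertrust is unknown
}

if __name__ == "__main__":
    print(sorted(valid_keys(OWNERTRUST, SIGNATURES)))
```

Mallory's key is valid because you signed it, yet Grace's key gains nothing from Mallory's signature: ownertrust affects only what a key owner's signatures are worth on other keys.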

Further Reading

A separate KB-article explains the process of signing keys: Trusting keys and why 'This signature is not to be trusted.'