I’m using GPG Keychain Version 1.12 (1800) from https://gpgtools.org on Mac OS 15.2 (24C101)
When I open it, I see a table of keys and the last column of the table is called “validity”. It looks like this:
On the GnuPG FAQ page, it does say:
7.19 What does ‘validity’ mean?
Although a certificate makes certain assertions about identity, these assertions cannot be blindly trusted. (Consider, for instance, whether you should trust a certificate that claims to belong to obama@whitehouse.gov.)
If you trust the certificate’s assertions, you are said to have ‘validated’ the certificate. Validation can be done by fiat or as the result of a process. For instance, you validate your own certificate by fiat: “this certificate says it belongs to me, and I trust it.” Validating other certificates, though, should probably have a little more rigor involved. How much rigor will depend entirely on your own particular needs and the threats you face.
That’s helpful, but I’m looking for even more specifics. I’m wondering how to interpret this validity column specifically. I.e. what different values can this column show and what causes them? (E.g. the two red rows are, I assume, because those keys are expired.)
