SUMMARY On a machine where I don't have a personal private/public key pair, I imported the key for KeepassXC (https://keepassxc.org/verifying-signatures/) in order to verify the sources. (keepassxc-2.4.1-src.tar.xz + keepassxc-2.4.1-src.tar.xz.sig) In order to let Kleopatra accept the KeepassXC devs key, I had to set trust level to "I belive that certificate are accurate". But it was not enough. I had to use KGpg to set the maximum level of "trust of key owner". Now if I open again the same key properties from Kleopatra, under the level of trust of the key, none of the available choices is selected SOFTWARE/OS VERSIONS Linux/KDE Plasma: Fedora 29 (available in About System) KDE Plasma Version: 5.14 KDE Frameworks Version: 5.55 Qt Version: 5.11.3 ADDITIONAL INFORMATION Kleopatra 3.1.3
Hi, it's a bit of a usability issue here that causes confusion. But I think Kleopatra actually tries to explain it already in the dialog and by calling it "Certification trust". In OpenPGP "Certification trust" and Validity are different things. "Certification trust" is only needed for the "Web of trust". If you want to directly mark a key as "Valid" (green) then you have to certify it. This step basically means that you have verified that this is the right signing key and then from now on it will show all signatures of that signing key as green. Regards, Andre