What does the output of GnuPG's --list-sigs mean?

information-security electronic-signature gnupg openpgp web-of-trust
2021-08-30 15:40:37

gpg --list-sigs gives me something like the following (I edited the output to show only the interesting/different lines):

pub   2048R/4ACE309C 2016-11-01
uid                  lala_test2 <lala2@test.org>
sig 3        4ACE309C 2016-11-01  lala_test2 <lala2@test.org>
uid                  test_key <test_key@test.org>
sig 3        4ACE309C 2016-11-01  lala_test2 <lala2@test.org>
sub   2048R/EA9FDC87 2016-11-01
sig          4ACE309C 2016-11-01  lala_test2 <lala2@test.org>
sig 2        03A9DA1F 2014-02-11  [User ID not found]
sig 3        5B51CBCF 2011-10-25  [User ID not found]
sig 3        06B47049 2011-10-26  [User ID not found]
sig 3        00C85EF1 2011-10-31  [User ID not found]
sig 3        5A4BEDCE 2011-10-06  [User ID not found]
sig        1 F2648165 2011-10-07  [User ID not found]
sig       X  CA57AD7C 2005-07-31  [User ID not found]
sig       X  CA57AD7C 2005-08-01  [User ID not found]
sig 2     X  DC79FAC9 2003-09-26  [User ID not found]
sig          7EE2682F 2016-06-03  [User ID not found]
rev          7EE2682F 2016-06-03  [User ID not found]

The tags in the first column mean:

  • pub -> public key
  • uid -> user ID
  • sig -> a signature from another person saying they trust the key under the pub tag
  • sub -> subkey
  • rev -> is this a signature where the signer revoked their key?

2048R -> 2048 is the key size and R stands for RSA. Then there is the short key ID, the creation date, and finally the applicable user ID.

What do the numbers in the sig lines after the first column mean?

2 Answers

Certification levels

There are different classes of certifications. Quoting RFC 4880, OpenPGP, section 5.2.1. Signature Types:

[...]

0x10: Generic certification of a User ID and Public-Key packet.
   The issuer of this certification does not make any particular
   assertion as to how well the certifier has checked that the owner
   of the key is in fact the person described by the User ID.

0x11: Persona certification of a User ID and Public-Key packet.
   The issuer of this certification has not done any verification of
   the claim that the owner of this key is the User ID specified.

0x12: Casual certification of a User ID and Public-Key packet.
   The issuer of this certification has done some casual
   verification of the claim of identity.

0x13: Positive certification of a User ID and Public-Key packet.
   The issuer of this certification has done substantial
   verification of the claim of identity.

Most OpenPGP implementations make their "key signatures" as 0x10
certifications.  Some implementations can issue 0x11-0x13
certifications, but few differentiate between the types.

[...]

GnuPG displays the "normal" 0x10 signatures as sig and, to distinguish the different certification levels, the higher ones with the following numbers: 0x11 as sig 1, 0x12 as sig 2, and 0x13 as sig 3. rev denotes a revoked signature.

The GnuPG man page (man gpg) also explains the output of --list-sigs:

--list-sigs
    Same as --list-keys, but the signatures are listed too.  This command has the
    same effect as using --list-keys with --with-sig-list.

    For  each  signature listed, there are several flags in between the "sig" tag
    and keyid. These flags give additional information about each signature. From
    left  to  right,  they  are  the numbers 1-3 for certificate check level (see
    --ask-cert-level), "L" for a local or non-exportable signature (see  --lsign-
    key), "R" for a nonRevocable signature (see the --edit-key command "nrsign"),
    "P" for a signature that contains a policy URL (see  --cert-policy-url),  "N"
    for  a  signature  that contains a notation (see --cert-notation), "X" for an
    eXpired signature (see --ask-cert-expire), and the numbers 1-9 or "T" for  10
    and  above  to  indicate  trust  signature levels (see the --edit-key command
    "tsign").

Ambiguity

Also note the first paragraph of that section of the specification, which indicates that there is no general, strict definition of the certification levels:

There are a number of possible meanings for a signature, which are indicated in a signature type octet in any given signature. Please note that the vagueness of these meanings is not a flaw, but a feature of the system. Because OpenPGP places final authority for validity upon the receiver of a signature, it may be that one signer's casual act might be more rigorous than some other authority's positive act. [...]

Because of this, some people publish certification policies. I provided some discussion on that in "What are you saying when you sign a PGP key?".

Trying to clarify some details from Jens Erat's post in human language:

  • " " => 0x00 Generic certification: does not make any particular ownership assertion
  • "1" => 0x11 Persona certification: has not done any ownership verification
  • "2" => 0x12 Casual certification: has done some identity verification
  • "3" => 0x13 Positive certification: has done substantial identity verification

Again, for readability:

  • "L" for a Local or non-exportable signature (see --lsign-key)
  • "R" for a non-Revocable signature (see --edit-key command "nrsign")
  • "P" for a signature that contains a Policy URL (see --cert-policy-url)
  • "N" for a signature that contains a Notation (see --cert-notation)
  • "X" for an eXpired signature (see --ask-cert-expire)
  • "T" or [1-9] indicate trust signature levels (see --edit-key command "tsign")
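As an added example (not code from either answer or from GnuPG), here is a small Python decoder for the flag columns that the man page excerpt and both answers describe, run over rows taken from the listing in the question. It assumes the fixed-column layout of that listing, which is the classic GnuPG format; newer gpg releases widen the columns, and anything meant to run unattended should parse the machine-readable gpg --with-colons output instead.

```python
import re

# Column layout of a "sig"/"rev" row as in the question's listing (assumed from GnuPG's classic
# fixed-width format): tag, check char, cert level, L, space, R, P, N, X, trust level, space, key ID.
SIG_LINE = re.compile(r"^(sig|rev)(.{9}) ([0-9A-Fa-f]{8,16}) (\d{4}-\d{2}-\d{2})\s+(.*)$")
CERT_CLASS = {  # RFC 4880 5.2.1 names behind GnuPG's blank/1/2/3 level column
    0x10: "generic certification (no particular assertion)",
    0x11: "persona certification (no verification done)",
    0x12: "casual certification (some verification)",
    0x13: "positive certification (substantial verification)",
}
FLAGS = {2: ("L", "local/non-exportable"), 4: ("R", "non-revocable"), 5: ("P", "policy URL"),
         6: ("N", "notation"), 7: ("X", "expired")}  # index into the 9-character flag field

def parse_sig_line(line):
    """Decode one 'sig'/'rev' row; returns None for pub/uid/sub rows."""
    m = SIG_LINE.match(line)
    if m is None:
        return None
    tag, flags, keyid, date, uid = m.groups()
    level = int(flags[1]) if flags[1].isdigit() else 0  # blank level column = plain 0x10
    trust = flags[8]                                    # 1-9, or 'T' for 10 and above
    return {
        "tag": tag, "keyid": keyid.upper(), "date": date, "uid": uid, "cert_level": level,
        "sig_class": 0x10 + level if tag == "sig" else None,  # 'rev' rows are revocations
        "flags": [name for idx, (ch, name) in FLAGS.items() if flags[idx] == ch],
        "trust_level": 10 if trust == "T" else int(trust) if trust.isdigit() else 0,
    }

def parse_listing(text):
    """Keep only the signature/revocation rows of a whole --list-sigs listing."""
    return [r for r in map(parse_sig_line, text.splitlines()) if r]

def describe(rec):
    """One-line human reading of a parsed row."""
    head = "revocation" if rec["tag"] == "rev" else CERT_CLASS[rec["sig_class"]]
    extra = rec["flags"] + ([f"trust signature level {rec['trust_level']}"] if rec["trust_level"] else [])
    return f"{rec['keyid']} {rec['date']}: {head}" + (f" [{', '.join(extra)}]" if extra else "")

# Constructed sample: rows copied from the listing in the question.
SAMPLE = """\
sig 3        4ACE309C 2016-11-01  lala_test2 <lala2@test.org>
sig          4ACE309C 2016-11-01  lala_test2 <lala2@test.org>
sig        1 F2648165 2011-10-07  [User ID not found]
sig 2     X  DC79FAC9 2003-09-26  [User ID not found]
rev          7EE2682F 2016-06-03  [User ID not found]
"""
if __name__ == "__main__":
    for rec in parse_listing(SAMPLE):
        print(describe(rec))
```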