[pkg-gnupg-maint] Bug#840849: Bug#840849: gnupg2: pubkeyring and secretkey unusable

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Oct 19 03:57:14 UTC 2016


On Tue 2016-10-18 13:07:12 -0400, Mechtilde wrote:

> thanks for your help at IRC to solve the problem with my secret key.
>
> I still have problems with my public keyring. There aren't the
> information of trust.

i'm not sure specifically what you mean by "information of trust" -- do
you mean validity of user ids?  or knowledge of which keys are
"ultimately" or "fully" or "marginally" trusted as introducers (this is
known as "ownertrust")?

if you run "gpg --check-trustdb" it will show you how many keys have
certain ownertrust levels.  For example:

gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:  19  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:  19  signed:  58  trust: 18-, 0q, 0n, 0m, 0f, 0u

means that there is one key with ultimate ownertrust which has signed 19
keys, and no other keys have any ownertrust.

Do you recall having assigned ownertrust in the past to any keys?  how
many secret keys do you have that are your own?  Those keys should have
"ultimate" ownertrust.

> I only see the Name and E-Mail addresses from the mails I get since
> last Friday.

This sounds mail user agent specific to me; it seems that you're using
thunderbird (with enigmail?), but i'm not sure what it means to "only see
the Name and E-Mail addresses" -- can you clarify?

> What is the best solution to recover? Should I copy the file "trustdb"
> from the machine with Debian Stable?

if you have an older copy of your ~/.gnupg/ on a machine that has gpg1,
you should try using "gpg1 --homedir /path/to/.gnupg.backup
--export-ownertrust" and comparing its output with "gpg2
--export-ownertrust" (which looks at the current ~/.gnupg).

if they differ, you might try sending the old ownertrust into stdin of
"gpg2 --import-ownertrust" and seeing whether that resolves the issue.

the ownertrust should *not* have been cleared during the upgrade, but
maybe it somehow was?

      --dkg
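
Added example, not part of the original message: one way to do the comparison described above once both "--export-ownertrust" outputs have been saved to files. The file names and fingerprints are constructed; the function name ownertrust_lost is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message.
# `gpg --export-ownertrust` prints "#" comment lines followed by one
# "FINGERPRINT:LEVEL:" record per key (LEVEL 3=never, 4=marginal, 5=full,
# 6=ultimate).

# ownertrust_lost OLD NEW   (hypothetical helper name)
# Print the OLD records whose fingerprint is missing from NEW or has a
# different level there. Output is in --import-ownertrust input format.
ownertrust_lost() {
    awk -F: '
        /^#/ || NF < 2       { next }                 # skip comments and blank lines
        FILENAME == ARGV[1]  { cur[$1] = $2; next }   # index the current export
        !($1 in cur) || cur[$1] != $2 { print $1 ":" $2 ":" }
    ' "$2" "$1"
}

# Constructed sample data: fake fingerprints, assumed file names.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/old.txt" <<'EOF'
# List of assigned trustvalues (constructed sample)
1111111111111111111111111111111111111111:6:
2222222222222222222222222222222222222222:5:
3333333333333333333333333333333333333333:4:
EOF
    cat > "$tmp/new.txt" <<'EOF'
# List of assigned trustvalues (constructed sample)
1111111111111111111111111111111111111111:6:
3333333333333333333333333333333333333333:5:
EOF
    ownertrust_lost "$tmp/old.txt" "$tmp/new.txt"
    rm -rf "$tmp"
}

demo
```

Read the printed records before piping them into "gpg2 --import-ownertrust": each one makes that key a trusted introducer at the listed level again.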