[pkg-gnupg-maint] Bug#840849: Bug#840849: gnupg2: pubkeyring and secretkey unusable

Mechtilde ooo at mechtilde.de
Sun Oct 23 16:17:16 UTC 2016


Hello Daniel,

On 19.10.2016 at 05:57, Daniel Kahn Gillmor wrote:
> On Tue 2016-10-18 13:07:12 -0400, Mechtilde wrote:
> 
>> thanks for your help at IRC to solve the problem with my secret key.
>>
>> I still have problems with my public keyring. There aren't the
>> information of trust.
> 
> i'm not sure specifically what you mean by "information of trust" -- do
> you mean validity of user ids?  or knowledge of which keys are
> "ultimately" or "fully" or "marginally" trusted as introducers (this is
> known as "ownertrust")?

Yes, this interpretation is right.

> if you run "gpg --check-trustdb" it will show you how many keys have
> certain ownertrust levels.  For example:
> 
> gpg: marginals needed: 3  completes needed: 1  trust model: pgp
> gpg: depth: 0  valid:   1  signed:  19  trust: 0-, 0q, 0n, 0m, 0f, 1u
> gpg: depth: 1  valid:  19  signed:  58  trust: 18-, 0q, 0n, 0m, 0f, 0u

The result I get is too little.
> 
> means that there is one key with ultimate ownertrust which has signed 19
> keys, and no other keys have any ownertrust.
> 
> Do you recall having assigned ownertrust in the past to any keys?  how
> many secret keys do you have that are your own?  Those keys should have
> "ultimate" ownertrust.

No, they haven't.

> 
>> I only see the Name and E-Mail addresses from the mails I get since
>> last Friday.
> 
> This sounds mail user agent specific to me; it seems that you're using
> thunderbird (with enigmail?), but i'm not sure what it means to "only see
> the Name and E-Mail addresses" -- can you clarify?

Yes, this is right. I use Icedove with Enigmail.
> 
>> What is the best solution to recover? Should I copy the file "trustdb"
>> from the machine with Debian Stable?
> 
> if you have an older copy of your ~/.gnupg/ on a machine that has gpg1,
> you should try using "gpg1 --homedir /path/to/.gnupg.backup
> --export-ownertrust" and comparing its output with "gpg2
> --export-ownertrust" (which looks at the current ~/.gnupg).

I tried this. Then I saw the trust I set for some new keys. But most of
them are missing.
> 
> if they differ, you might try sending the old ownertrust into stdin of
> "gpg2 --import-ownertrust" and seeing whether that resolves the issue.
> 
> the ownertrust should *not* have been cleared during the upgrade, but
> maybe it somehow was?

The last step I tried: I imported the old public keyring too. So, to
summarize: I needed to import the old public keyring and the trustdb.

Thanks for your advice.

> 
>       --dkg
> 


Mechtilde Stehmann
--
## Debian
## Loook, calender-exchange-provider, libreoffice-canzeley-client
## PGP encryption welcome
## Key-ID 0x141AAD7F
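
The ownertrust comparison suggested in the thread, as an added example that is not part of the original messages: it diffs two saved `--export-ownertrust` dumps and emits only the records missing from the current one, so the result can be reviewed before it is piped to `gpg2 --import-ownertrust`. The function names, the file names and the sample fingerprints are assumptions made for illustration.

```shell
#!/bin/sh
# Inputs are saved dumps, e.g. (commands as quoted in the thread):
#   gpg1 --homedir /path/to/.gnupg.backup --export-ownertrust > old.txt
#   gpg2 --export-ownertrust > new.txt
# Record format: "FINGERPRINT:LEVEL:"; lines starting with "#" are comments.
# LEVEL: 2 undefined, 3 never, 4 marginal, 5 full, 6 ultimate.

# ownertrust_delta OLD NEW
# Prints "MISSING FPR OLD_LEVEL -" for records only in OLD and
# "CHANGED FPR OLD_LEVEL NEW_LEVEL" where the level differs.
# FILENAME is compared instead of NR==FNR so an empty NEW dump still works.
ownertrust_delta() {
    awk -F: '
        /^#/ || NF < 2      { next }                 # comments, blank lines
        FILENAME == ARGV[1] { cur[$1] = $2; next }   # current (NEW) dump
        !($1 in cur)        { print "MISSING", $1, $2, "-"; next }
        cur[$1] != $2       { print "CHANGED", $1, $2, cur[$1] }
    ' "$2" "$1"
}

# ownertrust_restore_set OLD NEW
# Emits only the MISSING records in import format; CHANGED records are left
# for manual review so current levels are not silently replaced.
ownertrust_restore_set() {
    ownertrust_delta "$1" "$2" | awk '$1 == "MISSING" { print $2 ":" $3 ":" }'
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample dumps; the fingerprints are made up.
    cat > "$d/old.txt" <<'EOF'
# List of assigned trustvalues (constructed sample)
AAAA0000AAAA0000AAAA0000AAAA0000AAAA0001:6:
BBBB0000BBBB0000BBBB0000BBBB0000BBBB0002:5:
CCCC0000CCCC0000CCCC0000CCCC0000CCCC0003:4:
EOF
    cat > "$d/new.txt" <<'EOF'
# List of assigned trustvalues (constructed sample)
BBBB0000BBBB0000BBBB0000BBBB0000BBBB0002:4:
EOF
    ownertrust_delta "$d/old.txt" "$d/new.txt"
    ownertrust_restore_set "$d/old.txt" "$d/new.txt"
    rm -rf "$d"
}
demo
```

A level-6 (ultimate) record in the restore set should correspond to one of your own secret keys; check that before importing it.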


