Strange trust problem

Mark Pettit
Sat Feb 2 18:38:01 2002

>* On Fri, Feb 01, 2002 at 07:43:14PM -0800,
>* Mark Pettit <> wrote:
>> Notice that the validity is "q".  Why is this?  The key "2222" has
>> been signed by user "1111".  I'm telling gpg that user "1111" is the
>> trusted-key.  Why is the key for "2222" not valid?
>I had a similar problem. I discovered an option to gnupg which showed
>me an error in my trustdb. Try "gpg --check-trustdb", perhaps your
>trustdb is broken. I solved the problem with deleting my trustdb and
>making a new one. This was ok to me, because I have only about three
>keys I trust (at the moment). Perhaps exporting, deleting and
>re-importing the trustdb could help, but I don't know. There seems to
>be another (in the manpage) undocumented option "--fix-trustdb" but I
>don't know its purpose.

The 'check-trustdb' didn't show me anything useful.  The first time I
ran it, it said:

  gpg: 10 keys processed
  gpg:    8 due to new pubkeys
  gpg:    2 keys skipped

Then I ran it again, and it said:

  gpg: 10 keys processed
  gpg:    10 keys skipped

But the validity for the key "2222" was still "q".

So I deleted the trustdb.gpg file, and re-ran the "--list-keys
--with-colons".  That fixed the problem.

I tried running "--fix-trustdb", but it said this:

  gpg: this command is not yet implemented.
  gpg: A workaround is to use "--export-ownertrust", remove
  gpg: the trustdb file and do an "--import-ownertrust".

So my next question is, what's a reliable way of using gpg for this
kind of automated authentication?  Should I just delete trustdb.gpg at
the beginning of every run?  There isn't any "assigned" trust in the
system, because I'm strictly relying on signatures on keys.

Mark K. Pettit          "Ragged lines of ragged grey     Skeletons they shuffle away"
Technical Yahoo
Yahoo!, Inc., 701 First Avenue, Sunnyvale, CA 94089