verify after export/import of secret key
linux at codehelp.co.uk
Fri Oct 17 19:20:41 CEST 2003
On Friday 17 Oct 2003 3:10 pm, Andreas Korn wrote:
> when I generate a key pair, import the public key of a friend, sign his
> public key and verify a signed mail of him this works fine.
> But when I export my public and secret keys (gpg --export / gpg
> --export-secret-keys), empty the keyrings (rm ~/.gnupg/*), import them
If you want to empty the keyrings by force using rm, just delete
~/.gnupg/pubring.gpg (and possible secring.gpg) - by deleting the entire
directory you are losing all GnuPG options and (the bit that matters for your
query) the trust database. The trust is not stored in the keys themselves, it
is entirely dictated by user input. Set your key to ultimate trust and keys
you have signed should show as fully trusted, keys signed by those people
show as marginal. (3 marginals on one key -> full etc.)
GnuPG can delete keys from the keyring itself - much more cleanly than using
bash and rm. (Sledgehammer vs nut ?)
> again (gpg --import) and then do the same a before (import pub-key of
> friend, sign it, verify mail) the verification fails. gpg always tells
> me that it is a good signature but untrusted:
Because you deleted the only file that tells GnuPG which keys it can trust -
even your own. Just because you generate a key, does not mean GnuPG should
assume that you want to deal with the trust, it may just be a temporary /
> What's wrong?
That's what was wrong.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Url : /pipermail/attachments/20031017/f474e9ec/attachment-0001.bin
More information about the Gnupg-users