verify after export/import of secret key

Neil Williams linux at codehelp.co.uk
Fri Oct 17 19:20:41 CEST 2003


On Friday 17 Oct 2003 3:10 pm, Andreas Korn wrote:
> Hi,
> when I generate a key pair, import the public key of a friend, sign his
> public key and verify a signed mail of him this works fine.
> But when I export my public and secret keys (gpg --export / gpg
> --export-secret-keys), empty the keyrings (rm ~/.gnupg/*), import them

If you want to empty the keyrings by force using rm, just delete 
~/.gnupg/pubring.gpg (and possibly secring.gpg) - by deleting the entire 
directory you are losing all GnuPG options and (the bit that matters for your 
query) the trust database. The trust is not stored in the keys themselves, it 
is entirely dictated by user input. Set your key to ultimate trust and keys 
you have signed should show as fully trusted, keys signed by those people 
show as marginal. (3 marginals on one key -> full etc.) 

GnuPG can delete keys from the keyring itself - much more cleanly than using 
bash and rm. (Sledgehammer vs nut ?)

See:
http://lists.gnupg.org/pipermail/gnupg-users/2003-August/019993.html

> again (gpg --import) and then do the same as before (import pub-key of
> friend, sign it, verify mail) the verification fails. gpg always tells
> me that it is a good signature but untrusted:

Because you deleted the only file that tells GnuPG which keys it can trust - 
even your own. Just because you generate a key, does not mean GnuPG should 
assume that you want to deal with the trust, it may just be a temporary / 
testing key.

> What's wrong?
rm ~/.gnupg/* 
That's what was wrong.


-- 

Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3