gpg --verify complains that my own key is not trusted

gabriel rosenkoetter gr at eclipsed.net
Fri Feb 6 07:23:25 CET 2004


On Fri, Feb 06, 2004 at 12:08:46AM +0100, Yann Dirson wrote:
> I don't understand why gpg complains about sigs made with my own key.

It's not complaining about the signature, it's complaining about the
trust you've assigned this key.

> It's possible that I'm missing something, but I hardly see what:
> 
> $ LC_ALL=C gpg --verify gcompris_5.0-2_i386.changes  
> gpg: Signature made Fri Feb  6 00:00:52 2004 CET using DSA key ID 5C33C1B8
> gpg: Good signature from "Yann Dirson <dirson at debian.org>"
> gpg:                 aka "Yann Dirson (as Debian member) <dirson at debian.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: 4238 4696 F272 C988 2A01  DB8A 575B 95B2 5C33 C1B8

You may have updated something about the main key, which invalidated
the trustdb listing. (I know because I just updated an expiration
date and it caused that.) Use gpg --edit-key to reassign 5C33C1B8
ultimate trust (it will be listed with undefined trust at the
moment).

-- 
gabriel rosenkoetter
gr at eclipsed.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : /pipermail/attachments/20040206/992a24d8/attachment.bin


More information about the Gnupg-users mailing list