Migrating from PGP to GPG question

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Mar 5 16:43:35 CET 2010

On 03/05/2010 01:30 AM, Smith, Cathy wrote:
>  The gpg --list-sig shows that the keys are signed.  Do I need to create a new signature key, and re-sign all the public keys that I imported?

I think the simplest thing for you to do is to modify the ownertrust of
your old signing key on the new installation.  That is, you say that all
the keys are signed, presumably by some particular key that you used in
your PGP installation.  Let's pretend that key's ID is 0xDECAFBAD.

You'd do:

 gpg --edit-key 0xDECAFBAD

and then from the gpg subshell, do:


which will give you a menu like this:

Please decide how far you trust this user to correctly verify other
users' keys
(by looking at passports, checking fingerprints from different sources,

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

indicate that this installation should trust your signing key
"ultimately", and then type "save" into the gpg subshell.

Now, you can encrypt to any key that has been certified by 0xDECAFBAD
and you won't get that warning, because gpg trusts the certifications
made by your signing key.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100305/76148d97/attachment.pgp>

More information about the Gnupg-users mailing list