Migrating from PGP to GPG question

John Clizbe John at Mozilla-Enigmail.org
Fri Mar 5 19:05:50 CET 2010

Daniel Kahn Gillmor wrote:
> On 03/05/2010 01:30 AM, Smith, Cathy wrote:
>> The gpg --list-sig shows that the keys are signed. Do I need to create a
>> new signature key, and re-sign all the public keys that I imported?
> I think the simplest thing for you to do is to modify the ownertrust of
> your old signing key on the new installation.  That is, you say that all
> the keys are signed, presumably by some particular key that you used in
> your PGP installation.  Let's pretend that key's ID is 0xDECAFBAD.
PGP and GnuPG have different mechanisms for marking the trust of a signing key.
In PGP, it's called 'Implicit Trust' and is a check box in Key Properties. It's
stored as part of the key.  In GnuPG, the same trust level is called 'Ultimate
trust' and trust values are stored in a separate file, trustdb.gpg. It's the
most common problem I've seen when a user migrates keyrings.

Having done this migration several times to answer migrating users' questions, I
can confirm the 'proper' solution is as Daniel suggested: edit your signing
key(s) and set the trust level to ultimate. 'Trust' will then propagate from
your key to the keys you have signed.

John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100305/7fc5e81b/attachment-0001.pgp>

More information about the Gnupg-users mailing list