Migrating from PGP to GPG question
John Clizbe
John at Mozilla-Enigmail.org
Fri Mar 5 19:05:50 CET 2010
Daniel Kahn Gillmor wrote:
> On 03/05/2010 01:30 AM, Smith, Cathy wrote:
>> The gpg --list-sig shows that the keys are signed. Do I need to create a
>> new signature key, and re-sign all the public keys that I imported?
>
> I think the simplest thing for you to do is to modify the ownertrust of
> your old signing key on the new installation. That is, you say that all
> the keys are signed, presumably by some particular key that you used in
> your PGP installation. Let's pretend that key's ID is 0xDECAFBAD.
>
PGP and GnuPG have different mechanisms for marking the trust of a signing key.
In PGP, it's called 'Implicit Trust' and is a check box in Key Properties. It's
stored as part of the key. In GnuPG, the same trust level is called 'Ultimate
trust' and trust values are stored in a separate file, trustdb.gpg. It's the
most common problem I've seen when a user migrates keyrings.
Having done this migration several times to answer migrating users' questions, I
can confirm the 'proper' solution is as Daniel suggested: edit your signing
key(s) and set the trust level to ultimate. 'Trust' will then propagate from
your key to the keys you have signed.
--
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100305/7fc5e81b/attachment-0001.pgp>
More information about the Gnupg-users
mailing list