corrupted trustdb

Stephen Montgomery-Smith stephen at
Sat Dec 8 19:20:21 CET 2012

Hash: SHA1

On 12/08/2012 11:28 AM, Hauke Laging wrote:
> Am Sa 08.12.2012, 10:07:28 schrieb Stephen Montgomery-Smith:
>> I inherited a key that was created in 2000.  I have used it to
>> create signatures for emails and files for a long time.  But for
>> some reason it fails to work with any version of gpg greater than
>> 1.0.4.
>> Anyway, I am now running into problems that sometimes this key
>> fails to properly sign large files.  So I would like to recreate
>> the trusted key so that (a) it will work with gpg greater than
>> 1.0.4, and (b) sign large files.
> That sounds a bit strange to me. What exactly is "fails to work"
> supposed to mean? It's a huge difference whether a) a key cannot
> create good signatures b) a key (and thus its signatures) is not
> trusted

I am using it to create detached signatures.  gpg-1.0.4 creates
detached signatures, but when someone else tries to verify the
signature, it says "BAD signature."  Most files I generate detached
signatures for work in that verification works, saying "Good signature
from "CTM Generator <ctm at>"".  But for a couple of very
large files, it creates "BAD signature."

gpg-2.0.19 does not create signatures at all, instead coming up with
error messages like
gpg: [don't know]: invalid packet (ctb=73)
gpg: keydb_search failed: Invalid packet
gpg: error checking usability status of C380B4D8
gpg: [don't know]: invalid packet (ctb=73)
gpg: keydb_search failed: Invalid packet
gpg: key C380B4D8: secret key without public key - skipped
gpg: no default secret key: No secret key
gpg: signing failed: No secret key

>> Does anyone have any other suggestions as to how I can fix my
>> trusted keys?  Or should I go ahead and create completely new
>> keys?
> You can easily set the trust level for a key: gpg --edit-key
> 0x12345678 trust
> But that affects your local installation only. That gpg
> --export-ownertrust fails may be a hint that the file is corrupted.
> You could delete / rename it and run gpg --update-trustdb
> afterwards.

The issue is that it seems that my private key is corrupted.  I
probably should have said "private" instead of "trusted."  (Gpg is
rather new to me, and I probably don't get the lingo correct.)

Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with undefined -


More information about the Gnupg-users mailing list