corrupted trustdb

Stephen Montgomery-Smith stephen at missouri.edu
Sat Dec 8 19:20:21 CET 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/08/2012 11:28 AM, Hauke Laging wrote:
> Am Sa 08.12.2012, 10:07:28 schrieb Stephen Montgomery-Smith:
>> I inherited a key that was created in 2000.  I have used it to
>> create signatures for emails and files for a long time.  But for
>> some reason it fails to work with any version of gpg greater than
>> 1.0.4.
>> 
>> Anyway, I am now running into problems that sometimes this key
>> fails to properly sign large files.  So I would like to recreate
>> the trusted key so that (a) it will work with gpg greater than
>> 1.0.4, and (b) sign large files.
> 
> That sounds a bit strange to me. What exactly is "fails to work"
> supposed to mean? It's a huge difference whether a) a key cannot
> create good signatures b) a key (and thus its signatures) is not
> trusted

I am using it to create detached signatures.  gpg-1.0.4 creates
detached signatures, but when someone else tries to verify the
signature, it says "BAD signature."  Most files I generate detached
signatures for work in that verification works, saying "Good signature
from "CTM Generator <ctm at freebsd.org>"".  But for a couple of very
large files, it creates "BAD signature."

gpg-2.0.19 does not create signatures at all, instead coming up with
error messages like
gpg: [don't know]: invalid packet (ctb=73)
gpg: keydb_search failed: Invalid packet
gpg: error checking usability status of C380B4D8
gpg: [don't know]: invalid packet (ctb=73)
gpg: keydb_search failed: Invalid packet
gpg: key C380B4D8: secret key without public key - skipped
gpg: no default secret key: No secret key
gpg: signing failed: No secret key


> 
> 
>> Does anyone have any other suggestions as to how I can fix my
>> trusted keys?  Or should I go ahead and create completely new
>> keys?
> 
> You can easily set the trust level for a key: gpg --edit-key
> 0x12345678 trust
> 
> But that affects your local installation only. That gpg
> --export-ownertrust fails may be a hint that the file is corrupted.
> You could delete / rename it and run gpg --update-trustdb
> afterwards.

The issue is that it seems that my private key is corrupted.  I
probably should have said "private" instead of "trusted."  (Gpg is
rather new to me, and I probably don't get the lingo correct.)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQEcBAEBAgAGBQJQw4TkAAoJEC3xK9GaktgHMZYH/1m87jsMXxxWAfHwXKIPSPG+
K/xwL562XFv0t6gDnFgSAkiz9E0dKDefRCgc/ccxdCIuGX7gCYPOmzoIpxhdgtri
3R/fbMNaTW7DA6Ew6hkIDePvjb3ZKKM2B5pdXWA3bzmr+LODVNoaTpUsuwLlOBPY
iT8rTMkhQ+dNJMm62P4TT09MeLPL16SWjNbwQAWL2LxlS9oeMmgJR6eklZ5ZJDFC
La1wnlmyXHXgrMf55rTsJFGI1vXCypB4ue9HIAVJvdYkU0RA5sMs5dxhyIaKSOdt
mE/RGGWquvLDVcnnWbQx3usDTLPTzPuQeM+zzOXpdt+zCfIvayBsJtZYuwNIv5E=
=kH5L
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list