decrypt-file updates trustdb?

Cia Watson ciamarie at
Wed Feb 22 17:23:56 CET 2012

On Tue, 21 Feb 2012 12:48:15 +0100
<David.Vazquez-Landa at> wrote:

> I have a service, which calls gpg to decrypt files and I can’t move forward
> because I keep getting the following error:
> “PGP decryption error - gpg: Signature made 02/06/12 14:08:19 using DSA key
> ID 23E858FE gpg: NOTE: trustdb not writable gpg: checking the trustdb gpg:
> public key 64A20A5A is 3219 seconds newer than the signature gpg: public
> key A1C13ADD is 153 seconds newer than the signature gpg: renaming
> `D:/GNU/GnuPG\pubring.gpg' to `D:/GNU/GnuPG\pubring.bak' failed: Permission
> denied gpg: failed to rebuild keyring cache: file rename error gpg: trustdb
> rec 247: write failed (n=-1): Bad file descriptor gpg: trustdb: sync
> failed: file write error”
> This happens when trying the following command:
> --homedir c:\GNU\GnuPG --passphrase password --no-tty --armor --yes
> --decrypt-files localFolder

> Now, I could ignore the timestamp and I guess I would be able to open the
> trustdb and my service wouldn’t die. OR I could give write permissions on
> trustdb.gpg, pubring.gpg and pubring.bak to the user executing the service.
> But I wouldn’t want to do any of those without knowing why the command is
> trying to rebuild the keyring cache. 

To make a long story short, check the time on your desktop
and your /etc/default/rcS file to see if an update changed the UTC= from no to

I'm not sure what distro you're running, and this may not be related to your
issue. However I saw a similar error when I was updating Debian squeeze in a
VM, on a Debian wheezy host. It turns out there was a recent update that made
some changes to the /etc/default/rcS file and made this change:
- UTC=no
+ UTC=yes

In other words, I had UTC=no and it changed it back to the default of yes,
After seeing it wanted to make that change in wheezy which I told it to allow,
since there were other changes to the file that may have been important, I
just went in afterward and changed UTC= back to no.

In my squeeze vm however, it didn't bother to tell me it was making the
change, but when I saw the error about time differences on the keyring, I
looked at the time on the desktop and saw it was off, checked
the /etc/default/rcS file and saw it had UTC set to yes, so I changed it
back to no and now the desktop time is correct and no keyring time errors when
I'm updating.

Cia W.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: </pipermail/attachments/20120222/729a34f7/attachment.pgp>

More information about the Gnupg-users mailing list