file size change after trustdb recovery

Michal Novotny clime at redhat.com
Sat Feb 25 13:16:23 CET 2017


Where I mentioned "otrust.gpg" in the description, that should have been
otrust.txt. I am very sorry for that.

Michal Novotny

On Sat, Feb 25, 2017 at 1:14 PM, Michal Novotny <clime at redhat.com> wrote:

> Hello,
>
> I have got a trustdb that gives the following output on --check-trustdb:
>
>   gpg: public key of ultimately trusted key 3ADE2987ABBFDB66 not found
>   gpg: public key of ultimately trusted key 831FE43EDDD16F3D not found
>   gpg: marginals needed: 3  completes needed: 1  trust model: pgp
>   gpg: depth: 0  valid: 6468  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 6468u
>   gpg: next trustdb check due at 2021-01-18
>
> There are two public keys that are not found in public keyring (nor secret
> keyring actually) but there is a record for them in the trustdb. I have a
> vague idea how this could have happened, however what I would like to get
> is a trustdb without the two records.
>
> For that, I
>
> - called gpg2 --export-ownertrust > otrust.txt
> - manually removed the two records for which there is no public key
> - moved current trustdb.gpg to trustdb.gpg.bak
> - and finally called gpg2 --import-ownertrust < otrust.gpg
>
> The output of --check-trustdb with the new db is now okay:
>
> gpg: marginals needed: 3  completes needed: 1  trust model: pgp
> gpg: depth: 0  valid: 6466  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 6466u
> gpg: next trustdb check due at 2021-01-18
>
> However what bugs me slightly is that trustdb.gpg is now of much smaller
> size. Before it was: 908K, now it is 554K.
>
> There is pretty much the same size decrease if I do not remove the records
> for missing public keys and just do:
>
> - called gpg2 --export-ownertrust > otrust.txt
> - move current trustdb.gpg to trustdb.gpg.bak
> - and finally call gpg2 --import-ownertrust < otrust.gpg.
>
> The output of --check-trustdb is now:
>
> gpg: public key of ultimately trusted key 3ADE2987ABBFDB66 not found
> gpg: public key of ultimately trusted key 831FE43EDDD16F3D not found
> gpg: marginals needed: 3  completes needed: 1  trust model: pgp
> gpg: depth: 0  valid: 6468  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 6468u
> gpg: next trustdb check due at 2021-01-18
>
> Again, the new trustdb.gpg has 554K, while the original had 908K. And also
> what is curious is that the new file had 301K before calling
> --check-trustdb and 554K after.
>
> Anyway, it seems the original trustdb is not fully restored after
> --export-ownertrust and --import-ownertrust even though the output of
> --check-trustdb gives the same output for the original and new file (6468
> valid ultimately trusted keys).
>
> I know this is a bit complicated description but could anyone explain
> what's going on with the changes in the trustdb.gpg file size?
>
> Thank you
> Michal Novotny
>
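
The manual "remove the two records" step from the procedure quoted above, as an added shell example that is not part of the original message or of GnuPG. The function names and the sample fingerprints are constructed for illustration; only the two long key IDs come from the message. It relies on the long key ID being the last 16 hex digits of a v4 fingerprint.

```shell
#!/bin/sh
# Added example: filter an --export-ownertrust dump, dropping records whose
# fingerprint ends in one of the given long key IDs (case-insensitive).
# Reads the dump on stdin, writes the filtered dump on stdout.
# Intended use in the procedure from the message (not executed here):
#   gpg2 --export-ownertrust | filter_ownertrust 3ADE2987ABBFDB66 831FE43EDDD16F3D > otrust.txt
filter_ownertrust() {
    awk -v ids="$*" '
        BEGIN { n = split(toupper(ids), want, " ") }
        /^#/ || NF == 0 { print; next }        # keep comments and blank lines
        {
            split($0, f, ":")                   # record layout: FINGERPRINT:VALUE:
            fpr = toupper(f[1])
            for (i = 1; i <= n; i++) {
                # long key ID = last 16 hex digits of the fingerprint
                if (length(fpr) >= 16 && substr(fpr, length(fpr) - 15) == want[i])
                    next                        # drop this record
            }
            print
        }'
}

# Constructed sample dump: the fingerprints are made up, padded so that two of
# them end in the key IDs reported as "not found" in the message.
sample_export() {
    cat <<'EOF'
# List of assigned trustvalues (constructed sample)
# (Use "gpg --import-ownertrust" to restore them)
AAAAAAAAAAAAAAAAAAAAAAAA3ADE2987ABBFDB66:6:
1111111111111111111111111111111111111111:6:
BBBBBBBBBBBBBBBBBBBBBBBB831FE43EDDD16F3D:6:
EOF
}

# Hypothetical helper: count trust records (non-comment lines) on stdin.
count_records() {
    grep -c '^[0-9A-Fa-f]'
}
```

Comparing `count_records` on the dump before and after filtering shows exactly how many records were dropped before the result is fed to `--import-ownertrust`.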