file size change in trustdb.gpg after recovery
Michal Novotny
clime at redhat.com
Sat Feb 25 13:23:39 CET 2017
Hello,
I have got a trustdb that gives the following output on --check-trustdb:
gpg: public key of ultimately trusted key 3ADE2987ABBFDB66 not found
gpg: public key of ultimately trusted key 831FE43EDDD16F3D not found
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 6468 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 6468u
gpg: next trustdb check due at 2021-01-18
There are two public keys that are not found in the public keyring (nor in
the secret keyring, actually) but there is a record for them in the trustdb.
I have a vague idea how this could have happened; however, what I would like
to get is a trustdb without the two records.
For that, I
- called gpg2 --export-ownertrust > otrust.txt
- manually removed the two records in otrust.txt for which there is no
public key
- moved current trustdb.gpg to trustdb.gpg.bak
- and finally called gpg2 --import-ownertrust < otrust.txt
The output of --check-trustdb with the new db is now okay:
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 6466 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 6466u
gpg: next trustdb check due at 2021-01-18
However, what bugs me slightly is that trustdb.gpg is now of much smaller
size. Before it was 908K, now it is 554K.
There is pretty much the same size decrease if I do not remove the records
for missing public keys and just do:
- call gpg2 --export-ownertrust > otrust.txt
- move current trustdb.gpg to trustdb.gpg.bak
- and finally call gpg2 --import-ownertrust < otrust.txt
The output of --check-trustdb is now:
gpg: public key of ultimately trusted key 3ADE2987ABBFDB66 not found
gpg: public key of ultimately trusted key 831FE43EDDD16F3D not found
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 6468 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 6468u
gpg: next trustdb check due at 2021-01-18
Again, the new trustdb.gpg has 554K, while the original had 908K. And also
what is curious is that the new file had 301K before calling
--check-trustdb and 554K after.
Anyway, it seems the original trustdb is not fully restored after
--export-ownertrust and --import-ownertrust even though the output of
--check-trustdb gives the same output for the original and new file (6468
valid ultimately trusted keys).
I know this is a somewhat complicated description, but could anyone explain
what's going on with the changes in the trustdb.gpg file size?
Thank you
Michal Novotny
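
The manual step in the procedure above (removing the ownertrust records that have no public key) can be scripted. The following is an added example, not part of the original post: the function names missing_key_ids and filter_ownertrust are hypothetical, the sample fingerprints are constructed, and it assumes v4 keys, where the 16-digit key ID is the tail of the fingerprint.

```shell
#!/bin/sh
# Added example: automate the "remove records with no public key" step.

# Read "gpg --check-trustdb" messages on stdin and print the key IDs it
# reports as ultimately trusted but missing from the keyring.
missing_key_ids() {
    sed -n 's/^gpg: public key of ultimately trusted key \([0-9A-Fa-f]\{16\}\) not found$/\1/p' |
        tr 'a-f' 'A-F' | sort -u
}

# Read an ownertrust export ("FINGERPRINT:LEVEL:" lines) on stdin and drop
# records whose fingerprint ends in one of the key IDs given as arguments.
# Assumes v4 keys, where the 16-digit key ID is the tail of the fingerprint.
filter_ownertrust() {
    ids=$(printf '%s ' "$@" | tr 'a-f' 'A-F')
    awk -F: -v ids="$ids" '
        BEGIN { n = split(ids, a, " "); for (i = 1; i <= n; i++) drop[a[i]] = 1 }
        /^#/ || NF < 2 { print; next }      # keep comments and blank lines
        {
            fpr = toupper($1)
            keyid = substr(fpr, length(fpr) - 15)
            if (!(keyid in drop)) print
        }
    '
}

# Constructed sample input: messages in the form shown in the post, and an
# export whose fingerprints are made up (only the key ID tails come from it).
SAMPLE_CHECK='gpg: public key of ultimately trusted key 3ADE2987ABBFDB66 not found
gpg: public key of ultimately trusted key 831FE43EDDD16F3D not found
gpg: marginals needed: 3 completes needed: 1 trust model: pgp'
SAMPLE_OTRUST='# List of assigned trustvalues (constructed sample)
0000000000000000000000003ADE2987ABBFDB66:6:
111111111111111111111111831FE43EDDD16F3D:6:
2222222222222222222222220123456789ABCDEF:6:'

# Word splitting of the key ID list is intentional here.
# shellcheck disable=SC2046
printf '%s\n' "$SAMPLE_OTRUST" |
    filter_ownertrust $(printf '%s\n' "$SAMPLE_CHECK" | missing_key_ids)
```

With a real keyring, feed missing_key_ids from `gpg2 --check-trustdb 2>&1` (gpg writes these messages to stderr) and filter_ownertrust from `gpg2 --export-ownertrust`, then review the result before passing it to `gpg2 --import-ownertrust`.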