HOW to upgrade: 2.0.22 --> 2.3.3 ???
Werner Koch
wk at gnupg.org
Thu Oct 10 09:34:47 CEST 2024
On Wed, 9 Oct 2024 13:55, Mike Schleif said:
> We do not want every key at level ultimate, and we do not want to manually
> edit hundreds of keys to change each trust level.
There is a an easier way:
gpg --export-ownertrust >ownertrust.txt
and then edit that file. You see lines like
AEA84EDCF01AD86C4701C85C63113AE866587D0A:6:
The first field is the fingerprint and the second field (6) gives the
ownertrust value:
#define TRUST_MASK 15
#define TRUST_UNKNOWN 0 /* o: not yet calculated/assigned */
#define TRUST_EXPIRED 1 /* e: calculation may be invalid */
#define TRUST_UNDEFINED 2 /* q: not enough information for calculation */
#define TRUST_NEVER 3 /* n: never trust this pubkey */
#define TRUST_MARGINAL 4 /* m: marginally trusted */
#define TRUST_FULLY 5 /* f: fully trusted */
#define TRUST_ULTIMATE 6 /* u: ultimately trusted */
/* Trust values not covered by the mask. */
#define TRUST_FLAG_REVOKED 32 /* r: revoked */
#define TRUST_FLAG_SUB_REVOKED 64 /* r: revoked but for subkeys */
#define TRUST_FLAG_DISABLED 128 /* d: key/uid disabled */
#define TRUST_FLAG_PENDING_CHECK 256 /* a check-trustdb is pending */
#define TRUST_FLAG_TOFU_BASED 512 /* The trust value is based on
* the TOFU information. */
Thus setting the second fields to 5 and do a
gpg --import-ownertrust < ownertrust.txt
gpg --check-trustdb
should do what you have in mind.
But let me note that this is not an official API - it works but it may
in theory be changed w/o notice.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20241010/8cc1ec99/attachment.sig>
More information about the Gnupg-users
mailing list