<div dir="ltr"><div>Allow me to step back to the beginning.</div><div><br></div><div>We need to move off of our CentOS v7x platform ASAP, on which the most recent GnuPG is v2.0.22. Yes, I know that this is ancient; but, management does not want to rely on roll-our-own executables.</div><div><br></div><div>What I did was:</div><div>1. Zip up the .gnupg/ directory on the old system;</div><div>2. Unzip it on the new system;</div><div>3. Verify the /bin/gpg is on the new system;</div><div>4. Successfully tested decryption; and</div><div>5. Tried testing encryption.</div><div><br></div><div>Sadly, Step 5 (encryption testing) is where the troubles began:</div><div>a. gpg: DBG: Oops: keyid_from_fingerprint: no pubkey; fpr: ...<br><br>b. gpg: key 0000000000000000 occurs more than once in the trustdb<br><br>c. gpg: 079A71E548C19BC0: There is no assurance this key belongs to the named user<br><br>d. gpg: TEST.txt: sign+encrypt failed: Unusable public key<br></div><div><br></div><div><br></div><div>Ought we do something on the legacy (v2.0.22) host before copying to the new host?</div><div><br></div><div><br></div><div>Please, HELP! We need to transition yesterday ...</div><div><br></div><div>~ Mike<br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Oct 8, 2024 at 11:18 AM Werner Koch <<a href="mailto:wk@gnupg.org">wk@gnupg.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Fri, 4 Oct 2024 12:45, Mike Schleif said:<br>
<br>
> gpg (GnuPG) 2.3.3<br>
<br>
> BEFORE taking your actions:<br>
><br>
> -rw-r--r--. 1 root root 0 Oct 3 10:45 .gpg-v21-migrated<br>
<br>
Which means that you already migtated from 2.0 or 1.4 to 2.1 or later.<br>
That is the private keys are now stored in separate file below the <br>
<br>
> drwx------. 2 root root 4096 Oct 3 10:45 private-keys-v1.d<br>
<br>
directory.<br>
<br>
> -rw-------. 1 root root 273017 Jul 22 15:03 pubring.gpg<br>
> -rw-------. 1 root root 273017 Jul 22 15:03 pubring.gpg~<br>
> -rw-------. 1 root root 600 Oct 3 11:03 random_seed<br>
> -rw-------. 1 root root 5726 Jul 10 2017 secring.gpg<br>
<br>
Take care - that secring.gpg is only used by older gpg versions. <br>
<br>
> NOTE: NO .kbx files.<br>
<br>
Right, you still use the pubring.gpg - not a real problem but no so<br>
common. Something with the migration didn't worked out. The<br>
pubring.gpg can't be used for gpgsm (S/MIME) and thus a pubring.kbx<br>
should have been created during the migration.<br>
<br>
> [ROOT@russell ~/.gnupg ] # /bin/gpg --import < exported.gpg<br>
> . . .<br>
> gpg: Total number processed: 189<br>
> gpg: w/o user IDs: 1<br>
> gpg: imported: 188<br>
> gpg: public key of ultimately trusted key 0000000000000000 not found<br>
<br>
Your trustdb has an ultimately trusted PGP-2 key. gpg can't disaply the<br>
fingerprint anymore and thus you see the zeroes.<br>
<br>
> gpg: marginals needed: 3 completes needed: 1 trust model: classic<br>
> gpg: depth: 0 valid: 82 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 82u<br>
> gpg: next trustdb check due at 2033-09-13<br>
<br>
You should<br>
<br>
gpg --edit-key YOURKEY<br>
<br>
and enter "trust" to set your key back to ultimately trusted. This will<br>
given you back the WoT.<br>
<br>
> gpg: key 0000000000000000 occurs more than once in the trustdb<br>
<br>
You have several PGP-2 keys in your trustdb.<br>
<br>
<br>
Salam-Shalom,<br>
<br>
Werner<br>
<br>
-- <br>
The pioneers of a warless world are the youth that<br>
refuse military service. - A. Einstein<br>
</blockquote></div><br clear="all"><br><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><br>If ever I can be of service to you; contact me at once.<br>I wish for you a truly extraordinary day ...<br><br>-- <br>Best Regards,<br><br>Mike Schleif<br>612-235-6060<div><a href="https://mikeschleif.net" target="_blank">https://mikeschleif.net</a><br><a href="http://mdsresource.net" target="_blank">http://mdsresource.net</a><br><a href="http://www.linkedin.com/in/schleif" target="_blank">http://www.linkedin.com/in/schleif</a><br><a href="http://facebook.com/MDSResource" target="_blank">http://facebook.com/MDSResource</a><br><a href="http://twitter.com/mikeschleif" target="_blank">http://twitter.com/mikeschleif</a></div></div></div>