<div dir="ltr">key: 41261F6446B51FDBD18FDDF8C4D62F13571F553F<br><br>ownertrust.txt:<br>41261F6446B51FDBD18FDDF8C4D62F13571F553F:5:<br><br># /usr/bin/gpg --list-keys 9B51B2A5C71BDCEC<br>pub rsa2048 2023-07-10 [SC] [expires: 2025-10-09]<br> 41261F6446B51FDBD18FDDF8C4D62F13571F553F<br>uid [ unknown] FISERV-SFG-NA-PROD-GPG-2K-23-193-01 (FISERV SFG NA PROD GPG 2K) <<a href="mailto:X3GDS_FDFileGateway@fiserv.com">X3GDS_FDFileGateway@fiserv.com</a>><br>sub rsa2048 2023-07-10 [E] [expires: 2025-10-09]<br><br>encryption error:<br>gpg: 9B51B2A5C71BDCEC: There is no assurance this key belongs to the named user<br><br><br>Is the _only_ solution to convert ALL keys to ultimate (6)?<br><br>Please, advise. Thank you.<br><br><div>~ Mike</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Oct 10, 2024 at 2:34 AM Werner Koch <<a href="mailto:wk@gnupg.org">wk@gnupg.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Wed, 9 Oct 2024 13:55, Mike Schleif said:<br>
<br>
> We do not want every key at level ultimate, and we do not want to manually<br>
> edit hundreds of keys to change each trust level.<br>
<br>
There is a an easier way:<br>
<br>
gpg --export-ownertrust >ownertrust.txt<br>
<br>
and then edit that file. You see lines like<br>
<br>
AEA84EDCF01AD86C4701C85C63113AE866587D0A:6:<br>
<br>
The first field is the fingerprint and the second field (6) gives the<br>
ownertrust value:<br>
<br>
#define TRUST_MASK 15<br>
#define TRUST_UNKNOWN 0 /* o: not yet calculated/assigned */<br>
#define TRUST_EXPIRED 1 /* e: calculation may be invalid */<br>
#define TRUST_UNDEFINED 2 /* q: not enough information for calculation */<br>
#define TRUST_NEVER 3 /* n: never trust this pubkey */<br>
#define TRUST_MARGINAL 4 /* m: marginally trusted */<br>
#define TRUST_FULLY 5 /* f: fully trusted */<br>
#define TRUST_ULTIMATE 6 /* u: ultimately trusted */<br>
/* Trust values not covered by the mask. */<br>
#define TRUST_FLAG_REVOKED 32 /* r: revoked */<br>
#define TRUST_FLAG_SUB_REVOKED 64 /* r: revoked but for subkeys */<br>
#define TRUST_FLAG_DISABLED 128 /* d: key/uid disabled */<br>
#define TRUST_FLAG_PENDING_CHECK 256 /* a check-trustdb is pending */<br>
#define TRUST_FLAG_TOFU_BASED 512 /* The trust value is based on<br>
* the TOFU information. */<br>
<br>
Thus setting the second fields to 5 and do a<br>
<br>
gpg --import-ownertrust < ownertrust.txt<br>
gpg --check-trustdb<br>
<br>
should do what you have in mind.<br>
<br>
But let me note that this is not an official API - it works but it may<br>
in theory be changed w/o notice.<br>
<br>
<br>
Salam-Shalom,<br>
<br>
Werner<br>
<br>
-- <br>
The pioneers of a warless world are the youth that<br>
refuse military service. - A. Einstein<br>
</blockquote></div><br clear="all"><br><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><br>If ever I can be of service to you; contact me at once.<br>I wish for you a truly extraordinary day ...<br><br>-- <br>Best Regards,<br><br>Mike Schleif<br>612-235-6060<div><a href="https://mikeschleif.net" target="_blank">https://mikeschleif.net</a><br><a href="http://mdsresource.net" target="_blank">http://mdsresource.net</a><br><a href="http://www.linkedin.com/in/schleif" target="_blank">http://www.linkedin.com/in/schleif</a><br><a href="http://facebook.com/MDSResource" target="_blank">http://facebook.com/MDSResource</a><br><a href="http://twitter.com/mikeschleif" target="_blank">http://twitter.com/mikeschleif</a></div></div></div>