Hello Daniel, Am 19.10.2016 um 05:57 schrieb Daniel Kahn Gillmor: > On Tue 2016-10-18 13:07:12 -0400, Mechtilde wrote: > >> thanks for your help at IRC to solve the problem with my secret key. >> >> I still have problems with my public keyring. There aren't the >> information of trust. > > i'm not sure specifically what you mean by "information of trust" -- do > you mean validity of user ids? or knowledge of which keys are > "ultimately" or "fully" or "marginally" trusted as introducers (this is > known as "ownertrust")?
Yes, this interpretation is right. > if you run "gpg --check-trustdb" it will show you how many keys have > certain ownertrust levels. For example: > > gpg: marginals needed: 3 completes needed: 1 trust model: pgp > gpg: depth: 0 valid: 1 signed: 19 trust: 0-, 0q, 0n, 0m, 0f, 1u > gpg: depth: 1 valid: 19 signed: 58 trust: 18-, 0q, 0n, 0m, 0f, 0u The result I get is too little > > means that there is one key with ultimate ownertrust which has signed 19 > keys, and no other keys have any ownertrust. > > Do you recall having assigned ownertrust in the past to any keys? how > many secret keys do you have that are your own? Those keys should have > "ultimate" ownertrust. No they haven't. > >> I only see the Name and E-Mail addresses from the mails I get since >> last Friday. > > This sounds mail user agent specific to me; it seems that you're using > thunderbird (with enigmail?), but i'm not sure what it means to "only see > the Name and E-Mail addresses" -- can you clarify? yes this is right. I use Icedove with Enigmail. > >> What is the best solution to recover? Should I copy the file "trustdb" >> from the machine with Debian Stable? > > if you have an older copy of your ~/.gnupg/ on a machine that has gpg1, > you should try using "gpg1 --homedir /path/to/.gnupg.backup > --export-ownertrust" and comparing its output with "gpg2 > --export-ownertrust" (which looks at the current ~/.gnupg). I try this. Then I saw the trust I set for some new keys. But most of them are missing. > > if they differ, you might try sending the old ownertrust into stdin of > "gpg2 --import-ownertrust" and seeing whether that resolves the issue. > > the ownertrust should *not* have been cleared during the upgrade, but > maybe it somehow was? The last step I tried: I imported the old public keyring too. So I summarize: I needed to import the old public keyring and the trustdb. Thanks for your advices > > --dkg > Mechtilde Stehmann -- ## Debian ## Loook, calender-exchange-provider, libreoffice-canzeley-client ## PGP encryption welcome ## Key-ID 0x141AAD7F
