Where I mentioned "otrust.gpg" in the description, that should have been otrust.txt. I am very sorry for that.
Michal Novotny

On Sat, Feb 25, 2017 at 1:14 PM, Michal Novotny <cl...@redhat.com> wrote:
> Hello,
>
> I have got a trustdb that gives the following output on --check-trustdb:
>
> gpg: public key of ultimately trusted key 3ADE2987ABBFDB66 not found
> gpg: public key of ultimately trusted key 831FE43EDDD16F3D not found
> gpg: marginals needed: 3 completes needed: 1 trust model: pgp
> gpg: depth: 0 valid: 6468 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 6468u
> gpg: next trustdb check due at 2021-01-18
>
> There are two public keys that are not found in public keyring (nor secret
> keyring actually) but there is a record for them in the trustdb. I have a
> vague idea how this could have happened, however what I would like to get
> is a trustdb without the two records.
>
> For that, I
>
> - called gpg2 --export-ownertrust > otrust.txt
> - manually removed the two records for which there is no public key
> - moved current trustdb.gpg to trustdb.gpg.bak
> - and finally called gpg2 --import-ownertrust < otrust.gpg
>
> The output of --check-trustdb with the new db is now okay:
>
> gpg: marginals needed: 3 completes needed: 1 trust model: pgp
> gpg: depth: 0 valid: 6466 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 6466u
> gpg: next trustdb check due at 2021-01-18
>
> However what bugs me slightly is that trustdb.gpg is now of much smaller
> size. Before it was: 908K, now it is 554K.
>
> There is pretty much the same size decrease if I do not remove the records
> for missing public keys and just do:
>
> - called gpg2 --export-ownertrust > otrust.txt
> - move current trustdb.gpg to trustdb.gpg.bak
> - and finally call gpg2 --import-ownertrust < otrust.gpg.
>
> The output of --check-trustdb is now:
>
> gpg: public key of ultimately trusted key 3ADE2987ABBFDB66 not found
> gpg: public key of ultimately trusted key 831FE43EDDD16F3D not found
> gpg: marginals needed: 3 completes needed: 1 trust model: pgp
> gpg: depth: 0 valid: 6468 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 6468u
> gpg: next trustdb check due at 2021-01-18
>
> Again, the new trustdb.gpg has 554K, while the original had 908K. And also
> what is curious is that the new file had 301K before calling
> --check-trustdb and 554K after.
>
> Anyway, it seems the original trustdb is not fully restored after
> --export-ownertrust and --import-ownertrust even though the output of
> --check-trustdb gives the same output for the original and new file (6468
> valid ultimately trusted keys).
>
> I know this is a bit complicated description but could anyone explain
> what's going on with the changes in the trustdb.gpg file size?
>
> Thank you
> Michal Novotny
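
The manual step in the quoted procedure (removing the ownertrust records whose public key is missing) can be scripted. The following is an added example, not part of the original message: it assumes the FINGERPRINT:VALUE: line format of --export-ownertrust and that a long key ID is the last 16 hex digits of the fingerprint; the function names, the fingerprint prefixes and the third key in the sample data are constructed.

```sh
#!/bin/sh
# Print the long key IDs from the "not found" lines of --check-trustdb
# output read on stdin (gpg writes these diagnostics to stderr, so
# capture them with 2>&1 in real use).
missing_keyids() {
    sed -n 's/^gpg: public key of ultimately trusted key \([0-9A-Fa-f]\{16\}\) not found$/\1/p'
}

# Read an --export-ownertrust dump on stdin and print it without the
# records whose fingerprint ends in one of the key IDs given as arguments.
# Comment and blank lines pass through; with no arguments nothing is dropped.
filter_ownertrust() {
    awk -F: -v ids="$*" '
        BEGIN { n = split(toupper(ids), a, " "); for (i = 1; i <= n; i++) drop[a[i]] = 1 }
        /^#/ || NF < 2 { print; next }
        {
            fpr = toupper($1)
            id = substr(fpr, length(fpr) - 15)   # low 64 bits = long key ID
            if (!(id in drop)) print
        }
    '
}

# Constructed sample data. The two key IDs are the ones reported in the
# message above; everything else is made up for the demonstration.
sample_check() {
    cat <<'EOF'
gpg: public key of ultimately trusted key 3ADE2987ABBFDB66 not found
gpg: public key of ultimately trusted key 831FE43EDDD16F3D not found
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
EOF
}
sample_ownertrust() {
    cat <<'EOF'
# constructed ownertrust dump
0000000000000000000000003ADE2987ABBFDB66:6:
1111111111111111111111112222222222222222:6:
000000000000000000000000831FE43EDDD16F3D:6:
EOF
}

# Demo: prints the comment line and the one record whose key is present.
# shellcheck disable=SC2046
sample_ownertrust | filter_ownertrust $(sample_check | missing_keyids)
```

The filtered output is what would be fed to gpg2 --import-ownertrust after moving the old trustdb.gpg aside, as in the quoted steps.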