GPG-PGP5 Interoperation -- trust

Caskey L. Dickson caskey at technocage.com
Fri Jul 24 05:18:22 CEST 1998


If I already sent this, I apologise for the duplicate; I found it in my
outbox but thought I had finished it.

On Thu, 23 Jul 1998, Werner Koch wrote:
> "Caskey L. Dickson" <caskey at technocage.com> writes:
> > Once before I had a problem where after signing a key it didn't get
> > trusted.  I've done it a dozen times in the past three days with test keys
> > as I experiment with gpg and only once did I have this problem.  A comment
> 
> Interesting.

It happened the second time I went about creating a set of keys.  It
happened to be the time I was documenting my process and so my page on it
has the messages pasted in before and after.

> > actually) and that seemed to work.  I don't know if this is a bad
> > thing(tm) as I was only working with a keyring containing those two keys.
> 
> You can do so but you will lose the assigned owner trust values; next
> version will have a backup system for this.  The trustdb stores lists
> of valid key signatures because the verification process is very time
> consuming.

My experiments have just reached the point where they include 3 keys and I
discovered the need to assign trust levels for indirectly known keys.  It
would definitely be a loss if you had to revert to deleting your trust
database.

I'm not skillful enough to do anything with it, but I still have my copy
of the trust database that wouldn't work (i.e. existed immediately after
signing) and the one that did work when I moved the non-functional one
away. If anyone wants them to dissect, you're welcome to them.  Here are the
results of swapping them back and forth...

1) encrypt with working trust database --> works
2) swap trust database with broken one
3) encrypt with old, broken trust database --> fails
4) remove signature from key with --edit-key
5) attempt encryption again --> fails (like it should)
6) sign key
7) attempt encryption again --> fails (???)
8) delete trust database
9) attempt encryption again --> FDF99707.5: inserted into trustdb

*************************************************************************

[caskey at polo sender]$ echo hi | gpg --homedir . --encrypt --armor -r recipient --no-greeting
*works*
[caskey at polo sender]$ cp trustdb.gpg.broken trustdb.gpg
[caskey at polo sender]$ echo hi | gpg --homedir . --encrypt --armor -r recipient --no-greeting
Could not find a valid trust path to the key.  Let's see whether we
can assign some missing owner trust values.

No ownertrust values changed.
[caskey at polo sender]$ gpg --homedir . --edit-key recipient 
Remove this signature? y
Do you really want to remove the selected signatures? y
[caskey at polo sender]$ echo hi | gpg --homedir . --encrypt --armor -r recipient --no-greeting
Could not find a valid trust path to the key.  Let's see whether we
can assign some missing owner trust values.

No ownertrust values changed.
[caskey at polo sender]$ gpg --homedir . --sign-key recipient
Are you really sure that you want to sign this key:
Sign this key? y
[caskey at polo sender]$ echo hi | gpg --homedir . --encrypt --armor -r recipient --no-greeting
Could not find a valid trust path to the key.  Let's see whether we
can assign some missing owner trust values.

No ownertrust values changed.
[caskey at polo sender]$ rm trustdb.gpg
[caskey at polo sender]$ echo hi | gpg --homedir . --encrypt --armor -r recipient --no-greeting
gpg: key FDF99707.5: inserted into trustdb
(encrypted output)
**************************************************************************

--------------------------------------------------------------------------
          "Wish not to seem, but to be, the best." -- Aeschylus
--------------------------------------------------------------------------
Caskey <caskey*technocage.com>       ///                pager.818.698.2306
TechnoCage Inc.                     ///|               gpg: 1024D/7BBB1485
--------------------------------------------------------------------------
     Maybe everyone's driving a minivan with ego in the front seat,
     inadequacy fighting in the back seat and nobody really paying 
                     attention to the road. -- Bradt





