HOW to upgrade: 2.0.22 --> 2.3.3 ???

Tue Oct 8 20:09:12 CEST 2024

Allow me to step back to the beginning.

We need to move off of our CentOS v7x platform ASAP, on which the most
recent GnuPG is v2.0.22. Yes, I know that this is ancient; but, management
does not want to rely on roll-our-own executables.

What I did was:
1. Zip up the .gnupg/ directory on the old system;
2. Unzip it on the new system;
3. Verify the /bin/gpg is on the new system;
4. Successfully tested decryption; and
5. Tried testing encryption.

Sadly, Step 5 (encryption testing) is where the troubles began:
a. gpg: DBG: Oops: keyid_from_fingerprint: no pubkey; fpr: ...

b. gpg: key 0000000000000000 occurs more than once in the trustdb

c. gpg: 079A71E548C19BC0: There is no assurance this key belongs to the
named user

d. gpg: TEST.txt: sign+encrypt failed: Unusable public key

Ought we do something on the legacy (v2.0.22) host before copying to the
new host?

Please, HELP! We need to transition yesterday ...

~ Mike

On Tue, Oct 8, 2024 at 11:18 AM Werner Koch <wk at gnupg.org> wrote:

> On Fri,  4 Oct 2024 12:45, Mike Schleif said:
>
> > gpg (GnuPG) 2.3.3
>
> > BEFORE taking your actions:
> >
> > -rw-r--r--.  1 root root      0 Oct  3 10:45 .gpg-v21-migrated
>
> Which means that you already migtated from 2.0 or 1.4 to 2.1 or later.
> That is the private keys are now stored in separate file below the
>
> > drwx------.  2 root root   4096 Oct  3 10:45 private-keys-v1.d
>
> directory.
>
> > -rw-------.  1 root root 273017 Jul 22 15:03 pubring.gpg
> > -rw-------.  1 root root 273017 Jul 22 15:03 pubring.gpg~
> > -rw-------.  1 root root    600 Oct  3 11:03 random_seed
> > -rw-------.  1 root root   5726 Jul 10  2017 secring.gpg
>
> Take care - that secring.gpg is only used by older gpg versions.
>
> > NOTE: NO .kbx files.
>
> Right, you still use the pubring.gpg - not a real problem but no so
> common.  Something with the migration didn't worked out.  The
> pubring.gpg can't be used for gpgsm (S/MIME) and thus a pubring.kbx
> should have been created during the migration.
>
> > [ROOT at russell ~/.gnupg ] # /bin/gpg --import < exported.gpg
> >  . . .
> > gpg: Total number processed: 189
> > gpg:           w/o user IDs: 1
> > gpg:               imported: 188
> > gpg: public key of ultimately trusted key 0000000000000000 not found
>
> Your trustdb has an ultimately trusted PGP-2 key.  gpg can't disaply the
> fingerprint anymore and thus you see the zeroes.
>
> > gpg: marginals needed: 3  completes needed: 1  trust model: classic
> > gpg: depth: 0  valid:  82  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 82u
> > gpg: next trustdb check due at 2033-09-13
>
> You should
>
>    gpg --edit-key YOURKEY
>
> and enter "trust" to set your key back to ultimately trusted.  This will
> given you back the WoT.
>
> > gpg: key 0000000000000000 occurs more than once in the trustdb
>
> You have several PGP-2 keys in your trustdb.
>
>
> Salam-Shalom,
>
>    Werner
>
> --
> The pioneers of a warless world are the youth that
> refuse military service.             - A. Einstein
>

-- 

If ever I can be of service to you; contact me at once.
I wish for you a truly extraordinary day ...

-- 
Best Regards,

Mike Schleif
612-235-6060
https://mikeschleif.net
http://mdsresource.net
http://www.linkedin.com/in/schleif
http://facebook.com/MDSResource
http://twitter.com/mikeschleif
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20241008/7500c62a/attachment.html>