HOW to upgrade: 2.0.22 --> 2.3.3 ???

Mike Schleif mike at mdsresource.net
Thu Oct 10 15:08:46 CEST 2024 

key: 41261F6446B51FDBD18FDDF8C4D62F13571F553F

ownertrust.txt:
41261F6446B51FDBD18FDDF8C4D62F13571F553F:5:

# /usr/bin/gpg --list-keys 9B51B2A5C71BDCEC
pub   rsa2048 2023-07-10 [SC] [expires: 2025-10-09]
      41261F6446B51FDBD18FDDF8C4D62F13571F553F
uid           [ unknown] FISERV-SFG-NA-PROD-GPG-2K-23-193-01 (FISERV SFG NA
PROD GPG 2K) <X3GDS_FDFileGateway at fiserv.com>
sub   rsa2048 2023-07-10 [E] [expires: 2025-10-09]

encryption error:
gpg: 9B51B2A5C71BDCEC: There is no assurance this key belongs to the named
user


Is the _only_ solution to convert ALL keys to ultimate (6)?

Please, advise. Thank you.

~ Mike



On Thu, Oct 10, 2024 at 2:34 AM Werner Koch <wk at gnupg.org> wrote:

> On Wed,  9 Oct 2024 13:55, Mike Schleif said:
>
> > We do not want every key at level ultimate, and we do not want to
> manually
> > edit hundreds of keys to change each trust level.
>
> There is a an easier way:
>
>   gpg --export-ownertrust >ownertrust.txt
>
> and then edit that file.  You see lines like
>
> AEA84EDCF01AD86C4701C85C63113AE866587D0A:6:
>
> The first field is the fingerprint and the second field (6) gives the
> ownertrust value:
>
> #define TRUST_MASK       15
> #define TRUST_UNKNOWN     0  /* o: not yet calculated/assigned */
> #define TRUST_EXPIRED     1  /* e: calculation may be invalid */
> #define TRUST_UNDEFINED   2  /* q: not enough information for calculation
> */
> #define TRUST_NEVER       3  /* n: never trust this pubkey */
> #define TRUST_MARGINAL    4  /* m: marginally trusted */
> #define TRUST_FULLY       5  /* f: fully trusted      */
> #define TRUST_ULTIMATE    6  /* u: ultimately trusted */
> /* Trust values not covered by the mask. */
> #define TRUST_FLAG_REVOKED        32 /* r: revoked */
> #define TRUST_FLAG_SUB_REVOKED    64 /* r: revoked but for subkeys */
> #define TRUST_FLAG_DISABLED      128 /* d: key/uid disabled */
> #define TRUST_FLAG_PENDING_CHECK 256 /* a check-trustdb is pending */
> #define TRUST_FLAG_TOFU_BASED    512 /* The trust value is based on
>                                       * the TOFU information.  */
>
> Thus setting the second fields to 5 and do a
>
>   gpg --import-ownertrust < ownertrust.txt
>   gpg --check-trustdb
>
> should do what you have in mind.
>
> But let me note that this is not an official API - it works but it may
> in theory be changed w/o notice.
>
>
> Salam-Shalom,
>
>    Werner
>
> --
> The pioneers of a warless world are the youth that
> refuse military service.             - A. Einstein
>


-- 

If ever I can be of service to you; contact me at once.
I wish for you a truly extraordinary day ...

-- 
Best Regards,

Mike Schleif
612-235-6060
https://mikeschleif.net
http://mdsresource.net
http://www.linkedin.com/in/schleif
http://facebook.com/MDSResource
http://twitter.com/mikeschleif
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20241010/8384cc30/attachment.html>

More information about the Gnupg-users mailing list