Trust assignment fails for key with fingerprint ending in multiple zero blocks
Werner Koch
wk at gnupg.org
Fri Jun 27 09:25:26 CEST 2025
On Thu, 26 Jun 2025 07:39, To Damon said:
> gpg: Note: ultimately trusted key 0000000000000000 not found
Is a fingerprint ending in these zeros in the exported ownertrust list?
If so, delete this line. Do you have hany trusted-keys options in your
gpg.conf with such a fingerprint?
If you run "gpg -K" is there a key with such a fingerprint? Don't use
such a key. In theory we could test for this during key generation but
due to a probablity of 1:1^64 it is more than unlikley that you get such
a key by chance. Changing the fingerprint would be easy; we just need to
bump up the creation date by a second. However with smartcards it gets
more complicated to implement that mitigation.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250627/f98905c4/attachment.sig>
More information about the Gnupg-users
mailing list