Trust assignment fails for key with fingerprint ending in multiple zero blocks
To Damon
damon.tu at outlook.com
Fri Jun 27 04:10:05 CEST 2025
Thanks, the --local-user issue is resolved. However, another problem remains: the public key for the signing subkey (57FA...) is missing locally, and GPG reports:

gpg: DBG: Oops: keyid_from_fingerprint: no pubkey

This results in a "Good signature" message, but with the usual trust warning:

gpg: WARNING: This key is not certified with a trusted signature!

So, while the verification technically succeeds, trust validation remains incomplete without the relevant public key.

tree 2f4f096be9b3d98b960a6b74d3f96752ffddecf1
parent 98e87ea3a8d156cee2af9084e314b2a5e24c951b
author Damon To <abc at dev.dev> 1747978755 +0800
committer Damon To <abc at dev.dev> 1747978755 +0800

chore(deps): update lpac to the latest commit

gpg: Signature made Fri 23 May 2025 01:39:15 PM CST
gpg: using EDDSA key 57FA87AD4B55E9D0C7AEAFBC123C111111111111
gpg: DBG: Oops: keyid_from_fingerprint: no pubkey; fpr: 51F9E32F62FA6745C5CB09C2412A0000
gpg: Good signature from "Damon To <abc at dev.dev>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 51F9 E32F 62FA 6745 C5CB 09C2 412A 0000 0000 0000
Subkey fingerprint: 57FA 87AD 4B55 E9D0 C7AE AFBC 123C 1111 1111 1111

And the output of gpg --list-public-keys --keyid-format=long --with-keygrip:

pub ed25519/412A000000000000 2024-05-26 [SCA]
51F9E32F62FA6745C5CB09C2412A000000000000
Keygrip = C560F403D9B4530AB388114E8133E9F849226FA8
uid [ unknown] Damon To <abc at dev.com>
sub ed25519/123C111111111111 2024-10-10 [S]
Keygrip = 3F23CD42C1797E61C98C1FD13349D109394ED67E
sub cv25519/77CA000000000000 2024-12-19 [E]
Keygrip = 7F73A76CDA19862153E5D79EE685093286B633F7
sub ed25519/100C999999999999 2025-01-07 [SA]
Keygrip = 4383736824F1219D39C49AE7739039F5D1305E2B

To help reproduce the issue, below is a private key whose fingerprint ends with 6B33500000000000:
> On 26 Jun 2025, at 15:39, To Damon <liangping.to at outlook.com> wrote:
>
> I've tried to fix the trustdb following the recommended steps (exporting ownertrust, deleting trustdb.gpg, and importing ownertrust), but the issue still persists.
> When I run gpg --list-secret-keys --with-fingerprint --with-keygrip, I see the following warning:
>
> gpg: DBG: Oops: keyid_from_fingerprint: no pubkey; fpr: 51f9e32f62fa6745c5cb09c2412a0000
> gpg: Note: ultimately trusted key 0000000000000000 not found
> gpg: no ultimately trusted keys found
>
> And when trying to sign:
>
> echo "test" | gpg --clear-sign --user 412A000000000000
>
> I get:
>
> gpg: WARNING: recipients (-r) given without using public key encryption
> gpg: DBG: Oops: keyid_from_fingerprint: no pubkey; fpr: 51f9e32f62fa6745c5cb09c2412a0000
>
> It seems like the key is still missing or not trusted properly. Any ideas on what else I can try?
>
>
>> On 25 Jun 2025, at 23:50, Werner Koch <wk at gnupg.org> wrote:
>>
>> Hi!
>>
>>>>> gpg: DBG: Oops: keyid_from_fingerprint: no pubkey; fpr:
>>>>> 51f9e32f62fa6745c5cb09c2412a0000
>>
>> The trustdb is probably corrupt. Try this:
>>
>> $ gpg --fix-trustdb
>> gpg: You may try to re-create the trustdb using the commands:
>> gpg: cd ~/.gnupg
>> gpg: gpg --export-ownertrust > otrust.tmp
>> gpg: rm trustdb.gpg
>> gpg: gpg --import-ownertrust < otrust.tmp
>>
>>
>> Shalom-Salam,
>>
>> Werner
>>
>> --
>> The pioneers of a warless world are the youth that
>> refuse military service. - A. Einstein
>
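
An added example, not part of the original message or of GnuPG: a small Python check that pairs each "no pubkey" fingerprint in gpg debug output with a keyring fingerprint that differs from it only by trailing zero digits, as the 32-digit logged value and the 40-digit primary key fingerprint do in this thread. The function names are hypothetical, the sample input is constructed from the lines quoted above, and the code only compares strings without assuming why gpg printed the shorter value.

```python
import re

# Debug line format as it appears in the gpg output quoted in this thread.
DBG_RE = re.compile(r"keyid_from_fingerprint: no pubkey; fpr: ([0-9A-Fa-f]+)")

def normalize(fpr):
    """Strip spaces and upper-case a fingerprint as printed by gpg."""
    return re.sub(r"\s+", "", fpr).upper()

def failed_lookups(log_text):
    """Return the distinct fingerprints gpg reported as 'no pubkey', in order seen."""
    seen = []
    for m in DBG_RE.finditer(log_text):
        fpr = m.group(1).upper()
        if fpr not in seen:
            seen.append(fpr)
    return seen

def match_truncated(log_text, keyring_fprs):
    """Pair each failed lookup with the keyring fingerprint it is a zero-truncated prefix of.

    Returns (logged_fpr, full_fpr, dropped_hex) tuples; full_fpr is None when no
    keyring fingerprint explains the logged value.
    """
    full = [normalize(f) for f in keyring_fprs]
    results = []
    for logged in failed_lookups(log_text):
        hit = None
        for f in full:
            tail = f[len(logged):]
            if len(f) > len(logged) and f.startswith(logged) and set(tail) == {"0"}:
                hit = (logged, f, tail)
                break
        results.append(hit or (logged, None, ""))
    return results

# Constructed sample, built from the output lines quoted in this thread.
SAMPLE_LOG = """\
gpg: using EDDSA key 57FA87AD4B55E9D0C7AEAFBC123C111111111111
gpg: DBG: Oops: keyid_from_fingerprint: no pubkey; fpr: 51F9E32F62FA6745C5CB09C2412A0000
gpg: DBG: Oops: keyid_from_fingerprint: no pubkey; fpr: 51f9e32f62fa6745c5cb09c2412a0000
"""
SAMPLE_KEYRING = [
    "51F9 E32F 62FA 6745 C5CB 09C2 412A 0000 0000 0000",  # primary key
    "57FA 87AD 4B55 E9D0 C7AE AFBC 123C 1111 1111 1111",  # signing subkey
]

if __name__ == "__main__":
    for logged, full, dropped in match_truncated(SAMPLE_LOG, SAMPLE_KEYRING):
        print(logged, "->", full, "(dropped %d hex digits)" % len(dropped))
```
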
More information about the Gnupg-users mailing list