
Re: Gnupg - upgrade a trustdb?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 15 Jan 2006 13:05:35 -0600
Jacob S <stormspotter@6Texans.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Fri, 13 Jan 2006 13:27:12 -0600
> John Hasler <jhasler@debian.org> wrote:
> 
> > Jacob writes:
> > > So, I figure there must be some way to 'upgrade' the trustdb so
> > > that I can fetch new keys without corrupting the trustdb, but I
> > > don't know what it is. Anyone have any advice on a good way to fix
> > > this?
> > 
> > I'd try deleting the trustdb and letting gpg rebuild it.
> 
> Except then I lose any trust values I had assigned to keys. For
> example, when I read an encrypted message in mutt, I get the following
> warnings:
> 
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> gpg: WARNING: message was not integrity protected
> 
> But because I had assigned a trust level (and maybe another trick or
> two, I don't remember for sure), when the old trustdb is in place that
> message doesn't appear. I know, I could edit those keys all over again
> and assign trust values, but I was hoping to avoid that.

I finally found it. In addition to doing the normal gpg --export and
gpg --export-secret-keys I needed to do a --export-ownertrust. Then I
could wipe out my ~/.gnupg dir (actually, I used mv instead) and let
gpg recreate it when I did a gpg --import and gpg --import-ownertrust.

And gnupg is now able to download new/updated keys from public
keyservers again. Thought I would archive the solution here for anybody
that might be googling.

Jacob
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD0AYxkpJ43hY3cTURAvNuAJwMxwAjTeZAsjq9fHce56PP6vU4XgCgvqWe
KQ2ygMnQLXFpimnpSdafvK4=
=44bO
-----END PGP SIGNATURE-----
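
The procedure from the message above as a shell sketch, added here as an example and not part of the original post; the function names, the backup directory layout and the `.gnupg.old` name are assumptions. `trust_lost` goes one step past the post by checking that every exported owner-trust record is still present after the rebuild.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, the backup
# directory layout and the ".gnupg.old" name are assumptions.

# Export public keys, secret keys and owner trust into directory $1.
gnupg_backup() (
    umask 077                      # secret.asc must not be world-readable
    mkdir -p "$1" &&
    gpg --export --armor > "$1/public.asc" &&
    gpg --export-secret-keys --armor > "$1/secret.asc" &&
    gpg --export-ownertrust > "$1/ownertrust.txt"
)

# Move the old homedir aside (mv, not rm) and re-import from directory $1.
gnupg_rebuild() {
    [ ! -e "$HOME/.gnupg.old" ] || return 1   # never clobber an earlier copy
    mv "$HOME/.gnupg" "$HOME/.gnupg.old" &&
    gpg --import "$1/public.asc" "$1/secret.asc" &&
    gpg --import-ownertrust "$1/ownertrust.txt"
}

# Print the "FINGERPRINT:LEVEL:" records of an ownertrust export, sorted,
# skipping the comment header gpg writes at the top.
trust_entries() {
    grep -E '^[0-9A-Fa-f]+:[0-9]+:$' "$1" | LC_ALL=C sort
}

# Print records present in export $1 but missing or changed in export $2.
# Empty output means every assigned trust value survived the rebuild.
trust_lost() {
    old=$(mktemp) && new=$(mktemp) || return 2
    trust_entries "$1" > "$old"
    trust_entries "$2" > "$new"
    LC_ALL=C comm -23 "$old" "$new"
    rm -f "$old" "$new"
}

# Typical sequence:
#   gnupg_backup "$HOME/gnupg-backup" && gnupg_rebuild "$HOME/gnupg-backup"
#   gpg --export-ownertrust > /tmp/after.txt
#   trust_lost "$HOME/gnupg-backup/ownertrust.txt" /tmp/after.txt
```

Keep the backup directory and `.gnupg.old` until `trust_lost` prints nothing, then remove the exported secret key file.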
