-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, 15 Jan 2006 13:05:35 -0600 Jacob S <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Fri, 13 Jan 2006 13:27:12 -0600 > John Hasler <[EMAIL PROTECTED]> wrote: > > > Jacob writes: > > > So, I figure there must be some way to 'upgrade' the trustdb so > > > that I can fetch new keys without corrupting the trustdb, but I > > > don't know what it is. Anyone have any advice on a good way to fix > > > this? > > > > I'd try deleting the trustdb and letting gpg rebuild it. > > Except then I lose any trust values I had assigned to keys. For > example, when I read an encrypted message in mutt, I get the following > warnings: > > gpg: WARNING: This key is not certified with a trusted > signature! > gpg: There is no indication that the signature belongs to the owner. > gpg: WARNING: message was not integrity protected > > But because I had assigned a trust level (and maybe another trick or > two, I don't remember for sure), when the old trustdb is in place that > message doesn't appear. I know, I could edit those keys all over again > and assign trust values, but I was hoping to avoid that. I finally found it. In addition to doing the normal gpg --export and gpg --export-secret-keys I needed to do a --export-ownertrust. Then I could wipe out my ~/.gnupg dir (actually, I used mv instead) and let gpg recreate it when I did a gpg --import and gpg --import-ownertrust. And gnupg is now able to download new/updated keys from public keyservers again. Thought I would archive the solution here for anybody that might be googling. Jacob -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD0AYxkpJ43hY3cTURAvNuAJwMxwAjTeZAsjq9fHce56PP6vU4XgCgvqWe KQ2ygMnQLXFpimnpSdafvK4= =44bO -----END PGP SIGNATURE-----
