Hello,

I have got a trustdb that gives the following output on --check-trustdb:

  gpg: public key of ultimately trusted key 3ADE2987ABBFDB66 not found
  gpg: public key of ultimately trusted key 831FE43EDDD16F3D not found
  gpg: marginals needed: 3  completes needed: 1  trust model: pgp
  gpg: depth: 0  valid: 6468  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 6468u
  gpg: next trustdb check due at 2021-01-18

There are two public keys that are not found in the public keyring (nor in
the secret keyring, actually), but there is a record for them in the trustdb.
I have a vague idea how this could have happened; however, what I would like
to get is a trustdb without the two records.

For that, I

- called gpg2 --export-ownertrust > otrust.txt
- manually removed the two records for which there is no public key
- moved current trustdb.gpg to trustdb.gpg.bak
- and finally called gpg2 --import-ownertrust < otrust.gpg

The output of --check-trustdb with the new db is now okay:

  gpg: marginals needed: 3  completes needed: 1  trust model: pgp
  gpg: depth: 0  valid: 6466  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 6466u
  gpg: next trustdb check due at 2021-01-18

However, what bugs me slightly is that trustdb.gpg is now much smaller.
Before it was 908K; now it is 554K.

There is pretty much the same size decrease if I do not remove the records
for missing public keys and just do:

- call gpg2 --export-ownertrust > otrust.txt
- move current trustdb.gpg to trustdb.gpg.bak
- and finally call gpg2 --import-ownertrust < otrust.gpg.

The output of --check-trustdb is now:

  gpg: public key of ultimately trusted key 3ADE2987ABBFDB66 not found
  gpg: public key of ultimately trusted key 831FE43EDDD16F3D not found
  gpg: marginals needed: 3  completes needed: 1  trust model: pgp
  gpg: depth: 0  valid: 6468  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 6468u
  gpg: next trustdb check due at 2021-01-18

Again, the new trustdb.gpg has 554K, while the original had 908K. And also
what is curious is that the new file had 301K before calling
--check-trustdb and 554K after.

Anyway, it seems the original trustdb is not fully restored after
--export-ownertrust and --import-ownertrust even though the output of
--check-trustdb gives the same output for the original and new file (6468
valid ultimately trusted keys).

I know this is a somewhat complicated description, but could anyone explain
what's going on with the changes in the trustdb.gpg file size?

Thank you
Michal Novotny
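
The manual step in the procedure above (deleting the two records from the exported ownertrust list) can be scripted. This is an added example, not part of the original message: the function names and the sample fingerprints are constructed, and it assumes the usual export layout of `FINGERPRINT:VALUE:` lines with `#` comment lines.

```shell
#!/bin/sh
# Added example (not from the original post).
# prune_ownertrust ID...: read `gpg --export-ownertrust` output on stdin and
# write it to stdout without the records whose fingerprint ends in one of the
# given 16-hex-digit long key IDs. Comment and blank lines pass through.
prune_ownertrust() {
    awk -F: -v ids="$*" '
        BEGIN { n = split(toupper(ids), want, " ") }
        /^#/ || NF < 2 { print; next }      # not an ownertrust record
        {
            fpr = toupper($1)
            for (i = 1; i <= n; i++) {
                # a long key ID is the last 16 hex digits of a v4 fingerprint
                if (length(fpr) >= 16 &&
                    substr(fpr, length(fpr) - 15) == want[i]) next
            }
            print
        }
    '
}

# Constructed sample export: the first 24 hex digits of each fingerprint are
# placeholders; only the trailing key IDs of the first two come from the
# --check-trustdb output quoted in the message.
sample_export() {
    cat <<'EOF'
# List of assigned trustvalues (constructed sample)
AAAAAAAAAAAAAAAAAAAAAAAA3ADE2987ABBFDB66:6:
BBBBBBBBBBBBBBBBBBBBBBBB831FE43EDDD16F3D:6:
1111111111111111111111112222222222222222:6:
EOF
}

# Against a real keyring the pipeline would be:
#   gpg2 --export-ownertrust \
#     | prune_ownertrust 3ADE2987ABBFDB66 831FE43EDDD16F3D > otrust.txt
sample_export | prune_ownertrust 3ADE2987ABBFDB66 831FE43EDDD16F3D
```
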