On Wed, 9 Oct 2024 13:55, Mike Schleif said: > We do not want every key at level ultimate, and we do not want to manually > edit hundreds of keys to change each trust level.
There is a an easier way:
gpg --export-ownertrust >ownertrust.txt
and then edit that file. You see lines like
AEA84EDCF01AD86C4701C85C63113AE866587D0A:6:
The first field is the fingerprint and the second field (6) gives the
ownertrust value:
#define TRUST_MASK 15
#define TRUST_UNKNOWN 0 /* o: not yet calculated/assigned */
#define TRUST_EXPIRED 1 /* e: calculation may be invalid */
#define TRUST_UNDEFINED 2 /* q: not enough information for calculation */
#define TRUST_NEVER 3 /* n: never trust this pubkey */
#define TRUST_MARGINAL 4 /* m: marginally trusted */
#define TRUST_FULLY 5 /* f: fully trusted */
#define TRUST_ULTIMATE 6 /* u: ultimately trusted */
/* Trust values not covered by the mask. */
#define TRUST_FLAG_REVOKED 32 /* r: revoked */
#define TRUST_FLAG_SUB_REVOKED 64 /* r: revoked but for subkeys */
#define TRUST_FLAG_DISABLED 128 /* d: key/uid disabled */
#define TRUST_FLAG_PENDING_CHECK 256 /* a check-trustdb is pending */
#define TRUST_FLAG_TOFU_BASED 512 /* The trust value is based on
* the TOFU information. */
Thus setting the second fields to 5 and do a
gpg --import-ownertrust < ownertrust.txt
gpg --check-trustdb
should do what you have in mind.
But let me note that this is not an official API - it works but it may
in theory be changed w/o notice.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
openpgp-digital-signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
