Daniel Kahn Gillmor wrote: > On 03/05/2010 01:30 AM, Smith, Cathy wrote: >> The gpg --list-sig shows that the keys are signed. Do I need to create a >> new signature key, and re-sign all the public keys that I imported? > > I think the simplest thing for you to do is to modify the ownertrust of > your old signing key on the new installation. That is, you say that all > the keys are signed, presumably by some particular key that you used in > your PGP installation. Let's pretend that key's ID is 0xDECAFBAD. > PGP and GnuPG have different mechanisms for marking the trust of a signing key. In PGP, it's called 'Implicit Trust' and is a check box in Key Properties. It's stored as part of the key. In GnuPG, the same trust level is called 'Ultimate trust' and trust values are stored in a separate file, trustdb.gpg. It's the most common problem I've seen when a user migrates keyrings.
Having done this migration several times to answer migrating users' questions, I
can confirm the 'proper' solution is as Daniel suggested: edit your signing
key(s) and set the trust level to ultimate. 'Trust' will then propagate from
your key to the keys you have signed.
--
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or
mailto:pgp-public-k...@gingerbear.net?subject=help
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
