Bug#840849: [pkg-gnupg-maint] Bug#840849: gnupg2: pubkeyring and secretkey unusable
Hello Daniel, Am 19.10.2016 um 05:57 schrieb Daniel Kahn Gillmor: > On Tue 2016-10-18 13:07:12 -0400, Mechtilde wrote: > >> thanks for your help at IRC to solve the problem with my secret key. >> >> I still have problems with my public keyring. There aren't the >> information of trust. > > i'm not sure specifically what you mean by "information of trust" -- do > you mean validity of user ids? or knowledge of which keys are > "ultimately" or "fully" or "marginally" trusted as introducers (this is > known as "ownertrust")? Yes, this interpretation is right. > if you run "gpg --check-trustdb" it will show you how many keys have > certain ownertrust levels. For example: > > gpg: marginals needed: 3 completes needed: 1 trust model: pgp > gpg: depth: 0 valid: 1 signed: 19 trust: 0-, 0q, 0n, 0m, 0f, 1u > gpg: depth: 1 valid: 19 signed: 58 trust: 18-, 0q, 0n, 0m, 0f, 0u The result I get is too little > > means that there is one key with ultimate ownertrust which has signed 19 > keys, and no other keys have any ownertrust. > > Do you recall having assigned ownertrust in the past to any keys? how > many secret keys do you have that are your own? Those keys should have > "ultimate" ownertrust. No they haven't. > >> I only see the Name and E-Mail addresses from the mails I get since >> last Friday. > > This sounds mail user agent specific to me; it seems that you're using > thunderbird (with enigmail?), but i'm not sure what it means to "only see > the Name and E-Mail addresses" -- can you clarify? yes this is right. I use Icedove with Enigmail. > >> What is the best solution to recover? Should I copy the file "trustdb" >> from the machine with Debian Stable? > > if you have an older copy of your ~/.gnupg/ on a machine that has gpg1, > you should try using "gpg1 --homedir /path/to/.gnupg.backup > --export-ownertrust" and comparing its output with "gpg2 > --export-ownertrust" (which looks at the current ~/.gnupg). I try this. Then I saw the trust I set for some new keys. But most of them are missing. > > if they differ, you might try sending the old ownertrust into stdin of > "gpg2 --import-ownertrust" and seeing whether that resolves the issue. > > the ownertrust should *not* have been cleared during the upgrade, but > maybe it somehow was? The last step I tried: I imported the old public keyring too. So I summarize: I needed to import the old public keyring and the trustdb. Thanks for your advices > > --dkg > Mechtilde Stehmann -- ## Debian ## Loook, calender-exchange-provider, libreoffice-canzeley-client ## PGP encryption welcome ## Key-ID 0x141AAD7F
Bug#840849: [pkg-gnupg-maint] Bug#840849: gnupg2: pubkeyring and secretkey unusable
On Tue 2016-10-18 13:07:12 -0400, Mechtilde wrote: > thanks for your help at IRC to solve the problem with my secret key. > > I still have problems with my public keyring. There aren't the > information of trust. i'm not sure specifically what you mean by "information of trust" -- do you mean validity of user ids? or knowledge of which keys are "ultimately" or "fully" or "marginally" trusted as introducers (this is known as "ownertrust")? if you run "gpg --check-trustdb" it will show you how many keys have certain ownertrust levels. For example: gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 19 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: depth: 1 valid: 19 signed: 58 trust: 18-, 0q, 0n, 0m, 0f, 0u means that there is one key with ultimate ownertrust which has signed 19 keys, and no other keys have any ownertrust. Do you recall having assigned ownertrust in the past to any keys? how many secret keys do you have that are your own? Those keys should have "ultimate" ownertrust. > I only see the Name and E-Mail addresses from the mails I get since > last Friday. This sounds mail user agent specific to me; it seems that you're using thunderbird (with enigmail?), but i'm not sure what it means to "only see the Name and E-Mail addresses" -- can you clarify? > What is the best solution to recover? Should I copy the file "trustdb" > from the machine with Debian Stable? if you have an older copy of your ~/.gnupg/ on a machine that has gpg1, you should try using "gpg1 --homedir /path/to/.gnupg.backup --export-ownertrust" and comparing its output with "gpg2 --export-ownertrust" (which looks at the current ~/.gnupg). if they differ, you might try sending the old ownertrust into stdin of "gpg2 --import-ownertrust" and seeing whether that resolves the issue. the ownertrust should *not* have been cleared during the upgrade, but maybe it somehow was? --dkg signature.asc Description: PGP signature
Bug#840849: [pkg-gnupg-maint] Bug#840849: gnupg2: pubkeyring and secretkey unusable
Hello Daniel, thanks for your help at IRC to solve the problem with my secret key. I still have problems with my public keyring. There aren't the information of trust. I only see the Name and E-Mail addresses from the mails I get since last Friday. What is the best solution to recover? Should I copy the file "trustdb" from the machine with Debian Stable? Kind regards Mechtilde Am 18.10.2016 um 07:11 schrieb Daniel Kahn Gillmor: > Hi Mechtilde-- > > On Sat 2016-10-15 09:54:00 -0400, mechtilde wrote: >> since last update on Friday 2016-10-14 I can't use my key(ring). As I try to >> list the keys with 'gpg --list-public-keys' as using it with enigmail fails. >> >> So neither I can read crypted mails nor I can send cryted and/or signed mails >> from this machine. >> >> The keyfiles themselves are the same as at an stable machine where gnupg and >> enigmail works. > > I think we managed to resolve this on IRC -- is this the same problem > that was resolved with a second "gpg --import ~/.gnupg/secring.gpg" ? > If so, do you have any more info about the differences between > private-keys-v1.d before and after the import? > > --dkg > signature.asc Description: OpenPGP digital signature
Bug#840849: [pkg-gnupg-maint] Bug#840849: gnupg2: pubkeyring and secretkey unusable
Hi Mechtilde-- On Sat 2016-10-15 09:54:00 -0400, mechtilde wrote: > since last update on Friday 2016-10-14 I can't use my key(ring). As I try to > list the keys with 'gpg --list-public-keys' as using it with enigmail fails. > > So neither I can read crypted mails nor I can send cryted and/or signed mails > from this machine. > > The keyfiles themselves are the same as at an stable machine where gnupg and > enigmail works. I think we managed to resolve this on IRC -- is this the same problem that was resolved with a second "gpg --import ~/.gnupg/secring.gpg" ? If so, do you have any more info about the differences between private-keys-v1.d before and after the import? --dkg signature.asc Description: PGP signature
