58

I did a clean install of Arch Linux and imported my backed up gpg private key. As a sanity check I ran:

gpg --list-keys

Everything showed up as normal except for the uid which now reads:

uid [ unknown ] User < [email protected] >

When I first created this key before the clean install it read:

uid [ ultimate ] User < [email protected] >

Why would it change from [ ultimate ] to [ unknown ] after importing it onto a clean install?

Thanks in advance.

1 Answer

76

GnuPG has a trust database stored at ~/.gnupg/trustdb.gpg.

You can back up this trust database using the --export-ownertrust option:

gpg --export-ownertrust > file.txt

If you exported your secret keys and import them later into a new environment, the trust database is no longer present.

However, this is easily remedied:

gpg --edit-key [email protected]

gpg> trust

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5

And don't forget to save the changes:

gpg> save
RubberStamp
  • I keep getting ` gpg: can't do this in batch mode ` – Tim Siwula May 31 '18 at 03:42
  • 5
    Minor note: it seems that `save` is not necessary, giving 'Key not changed so no update needed.' – David Oliver May 12 '20 at 13:38
  • I'm finding `save` is still very necessary. Without it I've been wondering why the ruddy hell my scripts to encrypt backups kept rejecting an encryption subkey. Time very wasted on my part! – Adambean Oct 21 '22 at 16:43
  • If it doesn't seem to work with `gpg --edit-key [email protected]` (still says `[unknown]` when viewing `gpg --list-secret-keys`), try doing `gpg --edit-key` followed by the hex key, Ex. `0123456789ABCDEF0123456789ABCDEF01234567`. You also might have to restart gpg for changes to show: `Please note that the shown key validity is not necessarily correct unless you restart the program.` – Matt Popovich Nov 21 '22 at 03:04
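
A non-interactive way to restore the trust value, as an added example that is not part of the original answer or its comments: it writes one record in the `fingerprint:value:` form that `--export-ownertrust` produces and feeds it to `gpg --import-ownertrust`, which works in batch mode. The function names are hypothetical, and a v4 key with a 40-hex-digit fingerprint is assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Fingerprint of the first key matching $1 (user ID or key ID), read from
# gpg's machine-readable listing: field 10 of the first "fpr" record.
primary_fpr() {
    gpg --batch --with-colons --fingerprint "$1" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Print one ownertrust record "FINGERPRINT:VALUE:" for fingerprint $1 and
# trust-menu choice $2 (1-5, default 5). The record value is the menu
# choice plus one, so "5 = I trust ultimately" is written as 6.
ownertrust_record() {
    ot_fpr=$(printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
    ot_choice=${2:-5}
    case $ot_fpr in
        ''|*[!0-9A-F]*) echo "not a hex fingerprint: $1" >&2; return 1 ;;
    esac
    # Assumption: a v4 key, whose fingerprint is 40 hex digits.
    [ "${#ot_fpr}" -eq 40 ] || { echo "expected 40 hex digits" >&2; return 1; }
    case $ot_choice in
        1|2|3|4|5) ;;
        *) echo "trust choice must be 1-5" >&2; return 1 ;;
    esac
    printf '%s:%s:\n' "$ot_fpr" "$((ot_choice + 1))"
}

# Set the ownertrust of the key matching $1 without the interactive menu.
set_ownertrust() {
    st_fpr=$(primary_fpr "$1")
    [ -n "$st_fpr" ] || { echo "no key found for: $1" >&2; return 1; }
    st_rec=$(ownertrust_record "$st_fpr" "${2:-5}") || return 1
    printf '%s\n' "$st_rec" | gpg --batch --import-ownertrust
}

# Usage, on your own key only:
#   set_ownertrust 0123456789ABCDEF0123456789ABCDEF01234567 5
#   gpg --list-keys      # the uid should read [ultimate] again
```

Ultimate trust belongs only on keys whose secret part you hold yourself; for a full restore, `gpg --import-ownertrust < file.txt` replays the backup made with `--export-ownertrust`.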