I want to raise a gpg trust key on another machine, how do I do that?

Asked by AndreaBailey in SQL Server, asked on Jan 4, 2022

I have created a master key with two subkeys: one for signing and the other for encryption. Finally, I have exported the two subkeys to a new machine.

How can I tell the new machine to consider the master as "ultimate", even if it is absent from the machine?

Answered by Andrew Jenkins

To change the Ownertrust trust level of a gpg trust key after importing in a simpler way (without the interactive --edit-key mode) I found this way in one line using gpg --import-ownertrust:


According to this mail from the Gnupg-users mailing list, the trust level can be changed using gpg --import-ownertrust. You only need to get the fingerprint of the key and the trust level number, which is the trust level number you use in gpg --edit-key [key-id] trust (1, 2, 3, 4, 5 ...) + 1 (don't ask me why, but I have tested each level):
1 = I don't know or won't say => will be = 2
2 = I do NOT trust => will be = 3
3 = I trust marginally => will be = 4
4 = I trust fully => will be = 5
5 = I trust ultimately => will be = 6
To change the Ownertrust trust level to ultimate, as an example:

Get the fingerprint of the key (public or private) if already imported (if not use gpg --with-fingerprint mykey.gpg to get fingerprint before importing the key)

gpg --list-keys [key-id]
gpg --list-secret-keys [key-id]
Change the Ownertrust trust level by echoing FINGERPRINT:LEVEL: to gpg --import-ownertrust
echo "07C9F77F0E8134E64A7FF0AA666B4C8DC27B4A0A:6:" | gpg --import-ownertrust
See the new Ownertrust trust level of the key
gpg --list-keys [key-id]
gpg --list-secret-keys [key-id]
You can export the Ownertrust trust level of all your keys beforehand, or to back them up
gpg --export-ownertrust > trustlevel.txt
And re-import them if needed
gpg --import-ownertrust < trustlevel.txt

Using gpg --import-ownertrust, you can set the Ownertrust trust level of a key before importing the key, and the key will then be trusted according to the defined trust level after the import operation; or you can import the key and then change the trust level of the imported key.
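The steps in the answer above, wrapped as a script that refuses short key IDs before granting trust. This is an added example, not part of the original answer: the function names (primary_fpr, trust_value, ownertrust_line, set_ownertrust) are hypothetical, the number mapping is the one the answer gives, and a 40-hex (v4) fingerprint is assumed.

```shell
#!/bin/sh
# Added example: build and apply an ownertrust record without --edit-key.

# Read `gpg --with-colons` output on stdin and print the primary key's
# fingerprint: field 10 of the first "fpr" record after a "pub"/"sec" record.
primary_fpr() {
    awk -F: '$1 == "pub" || $1 == "sec" { want = 1; next }
             want && $1 == "fpr" { print $10; exit }'
}

# Map a trust name to the number --import-ownertrust expects
# (the --edit-key menu number + 1, as described in the answer).
trust_value() {
    case "$1" in
        unknown)  echo 2 ;;
        never)    echo 3 ;;
        marginal) echo 4 ;;
        full)     echo 5 ;;
        ultimate) echo 6 ;;
        *) return 1 ;;
    esac
}

# Build "FINGERPRINT:LEVEL:" from a fingerprint (spaces and lowercase are
# accepted) and a trust name. Anything that is not a full fingerprint fails.
ownertrust_line() {
    fpr=$(printf '%s' "$1" | tr -d ' \t' | tr 'abcdef' 'ABCDEF')
    case "$fpr" in
        ''|*[!0-9A-F]*) echo "not a hex fingerprint" >&2; return 1 ;;
    esac
    [ "${#fpr}" -eq 40 ] || { echo "need the full 40-hex fingerprint, not a key ID" >&2; return 1; }
    level=$(trust_value "$2") || { echo "unknown trust name: $2" >&2; return 1; }
    printf '%s:%s:\n' "$fpr" "$level"
}

# Look up an already imported key, build the record, and import it.
# If the argument matches several keys, only the first one listed is used.
set_ownertrust() {
    found=$(gpg --batch --with-colons --with-fingerprint --list-keys "$1" | primary_fpr)
    line=$(ownertrust_line "$found" "$2") || return 1
    printf '%s\n' "$line" | gpg --batch --import-ownertrust
}
```

Compare the fingerprint on the new machine against the one shown on the machine that holds the master key before calling set_ownertrust with ultimate.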


