I did a clean install of Arch Linux and imported my backed up gpg private key. As a sanity check I ran:
gpg --list-keys
Everything showed up as normal except for the uid which now reads:
uid [ unknown ] User < [email protected] >
When I first created this key before the clean install it read:
uid [ ultimate ] User < [email protected] >
Why would it change from [ ultimate ] to [ unknown ]after importing it onto a clean install?
GNUPG has a trust database stored at ~/.gnupg/trustdb.gpg
You can backup this trust database using the --export-ownertrust option:
gpg --export-ownertrust > file.txt
If you exported your secret keys and import them later into a new environment, the trust database is no longer present.
However, this is easily remedied:
gpg --edit-key [email protected]
gpg> trust
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
And don't forget to save the changes:
gpg> save
Read about trust levels and values. E.g. unknown Nothing is known about the owner's judgement in key signing. Keys on your public keyring that you do not own initially have this trust level.
save is not necessary, giving 'Key not changed so no update needed.'
Commented
May 12, 2020 at 13:38
save is still very necessary. Without it I've been wondering why the ruddy hell my scripts to encrypt backups kept rejecting an encryption subkey. Time very wasted on my part!
gpg --edit-key [email protected] (still says [unknown] when viewing gpg --list-secret-keys), try doing gpg --edit-key followed by the hex key, Ex. 0123456789ABCDEF0123456789ABCDEF01234567. You also might have to restart gpg for changes to show: Please note that the shown key validity is not necessarily correct unless you restart the program.
Commented
Nov 21, 2022 at 3:04