6

I'd like to give the highest trust level to a certificate. I need to do so, as this certificate is mine but I don't have exported it before formatting my PC.

I have downloaded it from a public key server and I have my private key saved in KeePass, but I don't know what to do next.

Jens Erat
  • 37,523
  • 16
  • 80
  • 96
fede.97
  • 73
  • 1
  • 3
  • Please have a look at the [FAQ] to get an understanding what kinds of questions are on topic on Stack Overflow. This is not a development question at all, and a much better fit for Stack Overflow's sister site, Super User. I already flagged your question for migration, you don't have to do anything but asking on the right platform next time. – Jens Erat Aug 03 '15 at 10:14
  • I posted here as I found some other questions about gpg. Sorry about that – fede.97 Aug 03 '15 at 10:45

1 Answers1

6

I'm sorry I cannot tell you how to do it in Kleopatra, but it is rather easy on the command line.

  1. If you haven't imported the private key yet, save it to a file (let's say, key.pgp, name and extension don't matter). Now run gpg --import <key.pgp. Your key should be listed using gpg -K now.
  2. For setting trust (the highest trust level in OpenPGP is "ultimate", which is usually only applied to your own certificates, as you want to do in this case), run gpg --edit-key [key-id] (printed in gpg -K above). In the edit key menu, run trust; and enter 5 (followed by Return for "I trust ultimately". Confirm with y (again followed by Return), and finally run save to store the modified key and quit GnuPG.
Jens Erat
  • 37,523
  • 16
  • 80
  • 96
  • Thanks for your reply. When I try to import the key saved into the file i get an error (translated from italian): No valid OpenPGP data found Total number of ‪analysed files: 0 – fede.97 Aug 03 '15 at 10:50
  • If the answer resolved your issue, please consider selecting the checkmark on the left to mark the question as answered. – Jens Erat Aug 03 '15 at 10:52
  • I think you read my message before I fully edited it. I didn't thought return here meant "send" like in a chat. – fede.97 Aug 03 '15 at 10:58
  • This sounds like serious trouble, and your private key file is messed up. Do you know how you created/exported it to KeePass? – Jens Erat Aug 03 '15 at 11:07
  • I think we found the problem. I haven't exported the private key file BUT I have the key itself (my "password", if we can say it this way) – fede.97 Aug 03 '15 at 11:21
  • If you haven't got a backup of the private key, you lost it, and will not be able to recover it. If you've pregenerated a revocation certificate, you can at least [revoke the public key](http://askubuntu.com/questions/597750/how-to-revoke-old-openpgp-keys/597802#597802) (which seems to be stored in the key server network). – Jens Erat Aug 03 '15 at 11:25
  • Mhhh, thanks. I think I'll just create a new one :) – fede.97 Aug 03 '15 at 12:00
  • And remember to set up a reasonable backup (including more than just your private keys) and generating a revocation certificate. – Jens Erat Aug 03 '15 at 12:10
  • Yep, it's strange indeed that I haven't been able to found any. I'm generally very accurate about data safety. Thanks anyway – fede.97 Aug 03 '15 at 12:14
  • Kleopatra does _not_ store the keys, GnuPG does. Maybe you actually have the private keys in your backup, if you backed up the `~/.gnupg` folder. – Jens Erat Aug 03 '15 at 12:30