Troubleshooting GnuPG – gpg: no ultimately trusted keys found

My GPG installation (Windows binaries, some ancient version) has worked flawlessly for several years, but I just went to run my usual mail backup script after some minor changes – I installed enigmail for Thunderbird. This act, or some related act, appeared to mess up something in my keyring.

At first I thought it was that it had unsigned my keys, but a closer look indicated it was something to do with the trust database. I thought this would be a trivial problem to solve (ie, I’d be able to Google the error message and be given a nice, simple howto to follow), but I was surprised – there was a bunch of useless stuff.

Anyway, the warning appears to be related to there being no ultimately trusted key (funnily enough). That is, you haven’t specified a “root” key that you have declared as the one that you trust to make all other decisions (I’ve had 4 beers and might not be articulating the purpose of this well).

However, the fix is pretty simple. You just need to specify your key as “ultimately trusted”.

The easiest way to do this (assuming you are using GnuPG command line like I am) is to just edit your key and make it trusted:

1) gpg –edit-key [your key id]
2) select the key (I just typed ‘1’ and hit enter; you can confirm by typing ‘list’
3) type ‘trust’ to change the ownertrust
4) select option 5, “I trust ultimately”, then say ‘yes’ to the confirmation
5) type ‘quit’

…and you’re done.

4 thoughts on “Troubleshooting GnuPG – gpg: no ultimately trusted keys found”

  1. You DON’T TRUST unless you’ve met the person in person!

    gpg: no ultimately trusted keys found Is fine!

    gpg –verify is when you see if you have a GOOD SIGNATURE and that’s all you need!

  2. @Das thats right, but i can surely say that i met myself … in person. so i will trust myself ultimately. and since my key is in the gpg db as well its not fine that there are no ultimately trusted keys found.

    having no trust in my own key happened when i imported it from another host

  3. Works great, thanks for the article.
    Minor correction for the first command: it should be `gpg –-edit-key [your key id]` not `gpg –edit-key [your key id]`

Leave a Reply

Your email address will not be published. Required fields are marked *