
keyring_search failed and failed to rebuild keyring cache: Legacy key
Closed, Resolved, Public

Description

After migration from gpg2 to gpg21 and getting and signing some
new certs I've noticed the following error message.

What is the right path to remedy the situation?

LANG=C gpg2 --check-trustdb
gpg: enabled debug flags: memstat
gpg: keyring_search failed: Legacy key
gpg: failed to rebuild keyring cache: Legacy key
gpg: marginals needed: 3 completes needed: 1 trust model: PGP
gpg: depth: 0 val [..]

LANG=C gpg2 --version
gpg (GnuPG) 2.1.11
libgcrypt 1.6.5

dpkg -s gnupg2
Architecture: i386
Version: 2.1.11-99intevation2
from http://apt.intevation.de/dists/jessie/gnupg/

Details

Version
2.1.11

Event Timeline

Thanks for reporting this. The right solution is for --check-trustdb to ignore
legacy keys.

On Sunday 06 March 2016 at 15:18:54, Neal Walfield via BTS wrote:

is for --check-trustdb

To be extra clear: the failure message also comes if other trustdb
recalculations are taking place, not just with "--check-trustdb".

Sorry, I was using --check-trustdb as a shorthand for the actual function.

We had the same effect here and it was caused by a V3 public key in the
keyring.
This key does not show up while listing the public keys with GnuPG 2.1.12. We
could only identify and remove it by accessing the keyring with a GnuPG 1.4.x
installation.
It should be considered to either

  • display the key also during the list-keys command (to help the user to track down the problem)

or

  • ignore it silently while building the trust db.

justus claimed this task.
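
The last comment traces the error to a V3 public key that GnuPG 2.1.12 does not list. The following is an added example, not code from this thread or from GnuPG: a parser that walks the OpenPGP packets of a keyring and reports primary public keys older than version 4. It assumes the keyring is the legacy `pubring.gpg` file (concatenated RFC 4880 packets, not the keybox format); the function names `packets` and `legacy_keys` and the sample bytes are constructed for illustration.

```python
import struct

def packets(data):
    """Yield (tag, body) for each OpenPGP packet (RFC 4880, section 4.2)."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        pos += 1
        if not ctb & 0x80:
            raise ValueError(f"no packet header at offset {pos - 1}")
        if ctb & 0x40:                       # new-format header
            tag, first = ctb & 0x3F, data[pos]
            pos += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[pos] + 192
                pos += 1
            elif first == 255:
                length = int.from_bytes(data[pos:pos + 4], "big")
                pos += 4
            else:
                raise ValueError("partial body length in keyring")
        else:                                # old-format header
            tag, size = (ctb >> 2) & 0x0F, (1, 2, 4, 0)[ctb & 3]
            length = int.from_bytes(data[pos:pos + size], "big") if size else len(data) - pos
            pos += size
        yield tag, data[pos:pos + length]
        pos += length

def legacy_keys(data):
    """Return (version, key ID) for each primary public key older than v4."""
    found = []
    for tag, body in packets(data):
        if tag == 6 and body and body[0] < 4:
            # v2/v3 body: version, created(4), validity(2), algo, MPI n, MPI e
            bits = int.from_bytes(body[8:10], "big")
            n = body[10:10 + (bits + 7) // 8]
            found.append((body[0], n[-8:].hex().upper()))  # ID = low 64 bits of n
    return found

# Constructed sample: one v3 key, one user ID, one v4 key (toy values, not real keys).
_MPIS = b"\x00\x60" + bytes.fromhex("C0FFEE0102030405060708A1") + b"\x00\x11\x01\x00\x01"
_V3 = b"\x03" + b"\x00" * 4 + b"\x00\x00\x01" + _MPIS
_V4 = b"\x04" + b"\x00" * 4 + b"\x01" + _MPIS
SAMPLE = (b"\x99" + struct.pack(">H", len(_V3)) + _V3 + b"\xb4\x0bconstructed"
          + b"\xc6" + bytes([len(_V4)]) + _V4)
```

To check a real file, pass its bytes to `legacy_keys`, for example `legacy_keys(open(path, "rb").read())`; an empty result means no pre-v4 primary key is present in that file.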