Verification error, wrong rec type

I’ve downloaded and installed gpg4win-2.3.3 and i’m trying to use it to verify the signature of a downloaded file.

I have downloaded and imported the signer’s public key prior to running:
gpg --verify signature_of_installer.gpg installer.msi

I get the following output:

gpg: Signature made 04/29/17 11:10:56 West-Europa (zomertijd) using RSA key ID B43434E4
gpg: 0: read expected rec type 1, got 0
gpg: Fatal: mypath/trustdb.gpg: invalid trustdb

I dont even know if the read error is about the msi file, the signature file or about some gpg-owned file.
Any help is much appreciated!

Ivana

Dear Ivana,

the message Fatal: mypath/trustdb.gpg: invalid trustdb reads like you have a problem with reading or writing (or both) of an GnuPG internal file called “trustdb.gpg”.
It usually resides in your personal $GNUPGHOME directory (see section 22 of the compendium, https://www.gpg4win.org/doc/en/gpg4win-compendium_28.html)

Check that this directory can be written to and that the file exist and has is not empty.

Hmm I guess you would have seen an error message when importing the pubkey.

A way to find out more about the error message is to use “-vvv”, see section
command line in https://wiki.gnupg.org/TroubleShooting.

Thanks for using Gpg4win,
Bernhard

Thanks Bernhard,

Checking permissions on the db file:
icacls mypath/trustdb.gpg

returns:
mypath/trustdb.gpg NT AUTHORITY\SYSTEM:(F)
INGEBOUWD\Administrators:(F)
COMPANY\me:(F)
Supposedly i have full access
https://technet.microsoft.com/en-us/library/cc753525.aspx

I have removed some lock files from the gnupg directory, but that didnt work either.
The import of the public key seems to have worked, see the first part of the verbose output:

gpg: using character set `CP850’
:signature packet: algo 1, keyid 9DFE2648B43434E4
version 4, created 1493457056, md5len 0, sigclass 0x00
digest algo 8, begin of digest f6 47
hashed subpkt 2 len 4 (sig created 2017-04-29)
subpkt 16 len 8 (issuer key ID 9DFE2648B43434E4)
data: [2048 bits]
gpg: Signature made 04/29/17 11:10:56 West-Europa (zomertijd) using RSA key ID B43434E4
gpg: 0: read expected rec type 1, got 0
gpg: Fatal: mypath/trustdb.gpg: invalid trustdb

I notice that in all the example the signature file has ‘sig’ extension, while the signature i am trying to use has ‘gpg’. I’m trying to verify the putty installer, btw.

Ivana

Please run the the import again with ‘-vvv’.
What length is the trustdb.gpg file?

Do other verifications work?

The trustdb is 1kB in size.

The import throws no errors:

gpg: using character set `CP850’
gpg: armor: BEGIN PGP PUBLIC KEY BLOCK
gpg: armor header: Version: GnuPG v1
:public key packet:
version 4, algo 1, created 1441039029, expires 0
pkey[0]: [2048 bits]
pkey[1]: [17 bits]
keyid: 9DFE2648B43434E4
:user ID packet: “PuTTY Releases putty@projects.tartarus.org
:signature packet: algo 1, keyid 9DFE2648B43434E4
version 4, created 1441039029, md5len 0, sigclass 0x13
digest algo 8, begin of digest 5f 4a
hashed subpkt 2 len 4 (sig created 2015-08-31)
hashed subpkt 27 len 1 (key flags: 03)
hashed subpkt 9 len 4 (key expires after 3y0d0h0m)
hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 3)
hashed subpkt 21 len 4 (pref-hash-algos: 10 9 8 11)
hashed subpkt 22 len 4 (pref-zip-algos: 2 3 1 0)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (key server preferences: 80)
subpkt 16 len 8 (issuer key ID 9DFE2648B43434E4)
data: [2048 bits]
:signature packet: algo 1, keyid AB585DC604676F7C
version 4, created 1441039630, md5len 0, sigclass 0x10
digest algo 8, begin of digest 75 6f
hashed subpkt 2 len 4 (sig created 2015-08-31)
subpkt 16 len 8 (issuer key ID AB585DC604676F7C)
data: [4096 bits]

gpg: pub 2048R/B43434E4 2015-08-31 PuTTY Releases putty@projects.tartarus.org
gpg: key B43434E4: “PuTTY Releases putty@projects.tartarus.org” not changed
gpg: Total number processed: 1
gpg: unchanged: 1

Note that the signature itself seems to be verified fine, so if this is the only
pubkey you have in the keyring and you know that it is the right pubkey (belonging
to the party you want to get the installer from) you shall be fine for your main
purpose.

As for the trustdb error message, if we want to inquire further:
Please try
gpg2 --check-trustdb

and if this does not work, can you give me the windows version you are using
and the steps you did since installation for checking the putty releases?
Maybe this way I can reproduce the problem.

Best Regards,
Bernhard

Thank you for you advice. I’m not particulary interested to get to the bottom of this, but in case you are or someone else reading this is, i checked the db:

C:>gpg2 --check-trustdb
gpg: 0: read expected rec type 1, got 0
gpg: Fatal: mypath/trustdb.gpg: invalid trustdb

This is on windows 10, version 1703, build 15063.296.

I’ve tried deinstalling and reinstalling gpg4win and i’ve removed some lockfiles from its folder.
I think the db problem is unrelated to the problems i have verifying the putty download, because when i try to verify the download with the context menu i get a message that the gpg file is not a signature file, while the command-line utility recognizes it as a signature created with the expected key.

Hi Ivana,

thanks for reporting the problem anyway. So far I haven’t heard about it.

Bernhard