the message Fatal: mypath/trustdb.gpg: invalid trustdb reads like you have a problem with reading or writing (or both) of an GnuPG internal file called “trustdb.gpg”.
It usually resides in your personal $GNUPGHOME directory (see section 22 of the compendium, https://www.gpg4win.org/doc/en/gpg4win-compendium_28.html)
Check that this directory can be written to and that the file exist and has is not empty.
Hmm I guess you would have seen an error message when importing the pubkey.
I have removed some lock files from the gnupg directory, but that didnt work either.
The import of the public key seems to have worked, see the first part of the verbose output:
gpg: using character set `CP850’
:signature packet: algo 1, keyid 9DFE2648B43434E4
version 4, created 1493457056, md5len 0, sigclass 0x00
digest algo 8, begin of digest f6 47
hashed subpkt 2 len 4 (sig created 2017-04-29)
subpkt 16 len 8 (issuer key ID 9DFE2648B43434E4)
data: [2048 bits]
gpg: Signature made 04/29/17 11:10:56 West-Europa (zomertijd) using RSA key ID B43434E4
gpg: 0: read expected rec type 1, got 0
gpg: Fatal: mypath/trustdb.gpg: invalid trustdb
I notice that in all the example the signature file has ‘sig’ extension, while the signature i am trying to use has ‘gpg’. I’m trying to verify the putty installer, btw.
Note that the signature itself seems to be verified fine, so if this is the only
pubkey you have in the keyring and you know that it is the right pubkey (belonging
to the party you want to get the installer from) you shall be fine for your main
purpose.
As for the trustdb error message, if we want to inquire further:
Please try
gpg2 --check-trustdb
and if this does not work, can you give me the windows version you are using
and the steps you did since installation for checking the putty releases?
Maybe this way I can reproduce the problem.
Thank you for you advice. I’m not particulary interested to get to the bottom of this, but in case you are or someone else reading this is, i checked the db:
This is on windows 10, version 1703, build 15063.296.
I’ve tried deinstalling and reinstalling gpg4win and i’ve removed some lockfiles from its folder.
I think the db problem is unrelated to the problems i have verifying the putty download, because when i try to verify the download with the context menu i get a message that the gpg file is not a signature file, while the command-line utility recognizes it as a signature created with the expected key.