I can also reproduce the crash with gpg2-2.1.12-1.1 and libgcrypt20-1.6.5-2.1 (see bt in the attachment). I also ran valgrind. There is an "Invalid read" shortly before the crash: ~> valgrind gpg -k ==10542== Memcheck, a memory error detector ==10542== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==10542== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==10542== Command: gpg -k ==10542== gpg: enabled debug flags: memstat gpg: verwende Vertrauensmodell pgp gpg: "Trust-DB" wird �berpr�ft gpg: removing stale lockfile (created by 10456) gpg: buffer shorter than subpacket gpg: buffer shorter than subpacket gpg: signature packet without keyid gpg: buffer shorter than subpacket gpg: buffer shorter than subpacket gpg: buffer shorter than subpacket gpg: signature packet without keyid gpg: buffer shorter than subpacket ==10542== Invalid read of size 4 ==10542== at 0x56016B0: _gcry_mpi_normalize.part.0 (mpi-bit.c:61) ==10542== by 0x560173F: _gcry_mpi_normalize (mpi-bit.c:75) ==10542== by 0x560173F: _gcry_mpi_get_nbits (mpi-bit.c:79) ==10542== by 0x429D5D: encode_md_value (seskey.c:350) ==10542== by 0x43F4AD: check_signature_end_simple (sig-check.c:461) ==10542== by 0x44000E: check_signature_over_key_or_uid (sig-check.c:892) ==10542== by 0x4406EF: check_key_signature2 (sig-check.c:1075) ==10542== by 0x440784: check_key_signature (sig-check.c:686) ==10542== by 0x429601: keyring_rebuild_cache (keyring.c:1554) ==10542== by 0x426293: keydb_rebuild_caches (keydb.c:1775) ==10542== by 0x46FD8E: validate_keys (trustdb.c:1904) ==10542== by 0x444BB7: public_key_list (keylist.c:133) ==10542== by 0x40B661: main (gpg.c:4100) ==10542== Address 0x4 is not stack'd, malloc'd or (recently) free'd ==10542== gpg: signal Segmentation fault caught ... exiting ==10542== ==10542== Process terminating with default action of signal 11 (SIGSEGV) ==10542== at 0x5EEA908: raise (in /lib64/libc-2.23.so) ==10542== by 0x5EEA98F: ??? (in /lib64/libc-2.23.so) ==10542== by 0x56016AF: ??? (in /usr/lib64/libgcrypt.so.20.0.5) ==10542== by 0x560173F: _gcry_mpi_normalize (mpi-bit.c:75) ==10542== by 0x560173F: _gcry_mpi_get_nbits (mpi-bit.c:79) ==10542== by 0x429D5D: encode_md_value (seskey.c:350) ==10542== by 0x43F4AD: check_signature_end_simple (sig-check.c:461) ==10542== by 0x44000E: check_signature_over_key_or_uid (sig-check.c:892) ==10542== by 0x4406EF: check_key_signature2 (sig-check.c:1075) ==10542== by 0x440784: check_key_signature (sig-check.c:686) ==10542== by 0x429601: keyring_rebuild_cache (keyring.c:1554) ==10542== by 0x426293: keydb_rebuild_caches (keydb.c:1775) ==10542== by 0x46FD8E: validate_keys (trustdb.c:1904) ==10542== ==10542== HEAP SUMMARY: ==10542== in use at exit: 3,965,558 bytes in 57,887 blocks ==10542== total heap usage: 140,986 allocs, 83,099 frees, 32,966,576 bytes allocated ==10542== ==10542== LEAK SUMMARY: ==10542== definitely lost: 42 bytes in 2 blocks ==10542== indirectly lost: 0 bytes in 0 blocks ==10542== possibly lost: 0 bytes in 0 blocks ==10542== still reachable: 3,965,516 bytes in 57,885 blocks ==10542== suppressed: 0 bytes in 0 blocks ==10542== Rerun with --leak-check=full to see details of leaked memory ==10542== ==10542== For counts of detected and suppressed errors, rerun with: -v ==10542== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) Speicherzugriffsfehler (Speicherabzug geschrieben) Note, that the crash doesn't occur if I delete .gnupg/trustdb.gpg but as soon as I modify the trust level of any key gpg crashes again.