04 Mar 2014
GPG - How to trust an imported key
On Computer Technology
Recently I’ve faced this problem when trying to encrypt a file using my own gpg key, created on another machine and newly imported. Here’s the command used for encryption:
gpg -r 'Pang' -e some_file
and a message along the lines of this pops up:
gpg: checking the trustdb
gpg: no ultimately trusted keys found
gpg: There is no assurance this key belongs to the named user
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N)
I was trying to incorporate this encrypting part into a bash script. Using the --yes flag still causes GPG to prompt. I did not want that; the bash script should be non-interactive.
It took me quite a while to reach the solution, which is:
gpg --edit-key 'Pang'
which fires up GPG and shows a prompt.
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
pub 2048R/2F67056A created: 2013-07-13 expires: never usage: SC
trust: never validity: unknown
sub 2048R/ created: 2013-07-13 expires: never usage: E
[ unknown] (1). Pang Yan Han
gpg >
At this point, I entered:
trust
which shows:
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision?
Since this is my own key, I entered:
5
which trusts it ultimately.
Exiting the gpg program, and running:
gpg -r 'Pang' -e some_file
no longer prompts me to answer that question. Automation ftw.
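The same trust assignment can be done without the interactive menu by feeding an ownertrust record to gpg --import-ownertrust. The script below is an added example, not code from the original post: the function names are hypothetical and SAMPLE_LISTING is a constructed key listing. It resolves the user ID to a full fingerprint first and refuses to act unless exactly one secret key matches.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; SAMPLE_LISTING is constructed.

# Read `gpg --with-colons` output on stdin and print primary-key fingerprints.
# An "fpr" record follows each key record; field 10 holds the fingerprint.
# Subkey fingerprints (after "sub"/"ssb") are skipped.
primary_fingerprints() {
  awk -F: '
    $1 == "pub" || $1 == "sec" { want = 1; next }
    $1 == "sub" || $1 == "ssb" { want = 0; next }
    $1 == "fpr" && want        { print $10; want = 0 }
  '
}

# Turn a colon listing on stdin into one ownertrust record, "FPR:6:"
# (6 = ultimate). Refuse unless exactly one key matched, so an ambiguous
# user ID such as 'Pang' can never elevate an unintended key.
ownertrust_line() {
  ot_fprs=$(primary_fingerprints)
  ot_count=$(printf '%s' "$ot_fprs" | awk 'NF { n++ } END { print n + 0 }')
  if [ "$ot_count" -ne 1 ]; then
    echo "refusing: expected 1 matching key, found $ot_count" >&2
    return 1
  fi
  printf '%s:6:\n' "$ot_fprs"
}

# Mark a key as ultimately trusted without the --edit-key menu.
# --list-secret-keys restricts the lookup to keys whose secret part is
# in this keyring, i.e. keys you hold yourself.
trust_own_key() {
  tk_line=$(gpg --batch --with-colons --fingerprint \
                --list-secret-keys "$1" | ownertrust_line) || return 1
  printf '%s\n' "$tk_line" | gpg --batch --import-ownertrust
}

# Constructed sample of a colon listing (one primary key, one subkey).
SAMPLE_LISTING='sec:u:2048:1:0123456789ABCDEF:1373673600:::u:::scESC:
fpr:::::::::AAAA0000BBBB1111CCCC2222DDDD3333EEEE4444:
uid:u::::1373673600::::Example User <user@example.org>:
ssb:u:2048:1:FEDCBA9876543210:1373673600::::::e:
fpr:::::::::5555FFFF6666AAAA7777BBBB8888CCCC9999DDDD:'
```

In a script, call trust_own_key 'Pang' once after the import and before the gpg -r 'Pang' -e step.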