GPG - How to trust an imported key

04 Mar 2014, by Pang Yan Han

Disclaimer: Opinions expressed on this blog are solely my own and do not express the views or opinions of my employer(s), past or present.

Recently I’ve faced this problem when trying to encrypt a file using my own gpg key, created on another machine and newly imported. Here’s the command used for encryption:

gpg -r 'Pang' -e some_file

and a message along the lines of this pops up:

gpg: checking the trustdb
gpg: no ultimately trusted keys found
gpg: There is no assurance this key belongs to the named user

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N)

I was trying to incorporate this encrypting part into a bash script. Using the --yes flag still causes GPG to prompt. I did not want that; the bash script should be non-interactive.

It took me quite a while to reach the solution, which is:

gpg --edit-key 'Pang'

which fires up GPG and shows a prompt.

gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  2048R/2F67056A  created: 2013-07-13  expires: never       usage: SC
                     trust: never         validity: unknown
sub  2048R/          created: 2013-07-13  expires: never       usage: E
[ unknown] (1). Pang Yan Han
gpg >

At this point, I entered:

trust

which shows:

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision?

Since this is my own key, I entered:

5

which trusts it ultimately.

Exiting the gpg program, and running:

gpg -r 'Pang' -e some_file

no longer prompts me to answer that question. Automation ftw.
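
The same result can be reached without the interactive menu, which matters when the import itself happens inside a script. The following is an added example, not code from the original post: it uses gpg's `--import-ownertrust`, where ownertrust value 6 corresponds to menu choice 5 (ultimate), and it refuses to trust anything unless the key's full fingerprint matches one pinned in the script. The function names are hypothetical and the fingerprint in the usage comment is a constructed placeholder.

```bash
#!/bin/sh
# Added example: pin the expected fingerprint, then mark the key as
# ultimately trusted without the interactive --edit-key menu.

# Normalize a fingerprint: drop spaces, uppercase, require 40 hex chars.
# Short key IDs such as the 8-character form are rejected on purpose.
normalize_fpr() {
    local f
    f=$(printf '%s' "$1" | tr -d ' ' | tr '[:lower:]' '[:upper:]')
    case "$f" in
        *[!0-9A-F]*|'') return 1 ;;
    esac
    [ "${#f}" -eq 40 ] || return 1
    printf '%s\n' "$f"
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the
# primary key fingerprint: field 10 of the first "fpr" record after "pub".
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Build the record --import-ownertrust expects; 6 encodes "ultimate".
ownertrust_line() {
    local f
    f=$(normalize_fpr "$1") || return 1
    printf '%s:6:\n' "$f"
}

# trust_own_key USER_ID EXPECTED_FPR
# Refuses unless the keyring's fingerprint matches the pinned one.
trust_own_key() {
    local expected actual
    expected=$(normalize_fpr "$2") || { echo "bad fingerprint" >&2; return 2; }
    actual=$(gpg --batch --with-colons --fingerprint "$1" | primary_fpr)
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $1, not trusting" >&2
        return 1
    fi
    ownertrust_line "$expected" | gpg --batch --import-ownertrust
}

# Usage (fingerprint is a constructed placeholder, not the author's key):
#   trust_own_key 'Pang' '0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567'
#   gpg --batch -r 'Pang' -e some_file
```

Ultimate trust is only appropriate for a key whose secret part you hold yourself; the pinned fingerprint should come from the machine where the key was created, not from the imported file.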
