Yan Han's blog

On Computer Technology

04 Mar 2014

GPG - How to trust an imported key



Recently I’ve faced this problem when trying to encrypt a file using my own gpg key, created on another machine and newly imported. Here’s the command used for encryption:

gpg -r 'Pang' -e some_file

and a message along the lines of this pops up:

gpg: checking the trustdb
gpg: no ultimately trusted keys found
gpg: There is no assurance this key belongs to the named user

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N)

I was trying to incorporate this encrypting part into a bash script. Using the --yes flag still causes GPG to prompt. I did not want that; the bash script should be non-interactive.

It took me quite a while to reach the solution, which is:

gpg --edit-key 'Pang'

which fires up GPG and shows a prompt.

gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  2048R/2F67056A  created: 2013-07-13  expires: never       usage: SC
                     trust: never         validity: unknown
sub  2048R/          created: 2013-07-13  expires: never       usage: E
[ unknown] (1). Pang Yan Han
gpg >

At this point, I entered:


which shows:

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision?

Since this is my own key, I entered:


which trusts it ultimately.

Exiting the gpg program, and running:

gpg -r 'Pang' -e some_file

no longer prompts me to answer that question. Automation ftw.

Disclaimer: Opinions expressed on this blog are solely my own and do not express the views or opinions of my employer(s), past or present.

comments powered by Disqus