...key belongs to ...

Ingo Klöcker kloecker at kde.org
Sun May 30 16:10:55 CEST 2010


On Sunday 30 May 2010, Daniel Eggleston wrote:
> On Sun, 30 May 2010 00:58:57 +0000 (UTC)
> "Michael D. Berger" <m_d_berger_1900 at yahoo.com> wrote:
> > On Sat, 29 May 2010 19:46:29 -0500, John Clizbe wrote:
> > > Michael D. Berger wrote:
> > >> On a Linux box, in encrypting a file with gpg, I get this query:
> > >>    It is NOT certain that the key belongs to the person named in
> > >>    the user ID.  If you *really* know what you are doing, you may
> > >>    answer the next question with yes.
> > >> 
> > >>    Use this key anyway? (y/N) n
> > >> 
> > >> Now in the context in which this is being used, there is no
> > >> uncertainty regarding key ownership, and the encryption is part
> > >> of a bash script. The query stops the script.
> > >> 
> > >> Therefore, how can I prevent this query?
> > > 
> > > The easiest is to either
> > > 
> > > a) (l)sign the key
> > > 
> > > or
> > > 
> > > b) add '--trust-model always' to the command line
> > 
> > I went to the account in which the key pair was generated
> > and tried to sign the key.  I got that the key is already
> > signed.  Was there perhaps something in the export of
> > the public key that might have gone wrong?  Or, perhaps,
> > is there some other signing that is necessary?
> 
> You got that it's already signed because it's self-signed. Your error
> is akin to the message a web browser gives you when the site has a
> self-signed certificate. There is no guarantee that the certificate
> comes from the entity it says it does.  i.e. you have nothing but the
> "word" of the certificate confirming its identity.
> 
> You need to go into the account performing the encryption, import the
> public key in question if you haven't already, and sign it *there*.
> Basically, confirming to gpg that you have independently verified
> this key and know it to be valid.

Since signing requires a private key on the encryption box, it might be
easier to set the (owner) trust of the public key to be used for
encryption to ultimate.


Regards,
Ingo
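
The approach suggested in this message, sketched as an added example (not part of the thread and not code from the GnuPG project): give ultimate ownertrust to one key pinned by its full fingerprint, then encrypt in batch mode so the script is never prompted. The function names and the way the fingerprint is passed in are assumptions; unlike `--trust-model always`, only the pinned key is marked as trusted.

```bash
# Added example: non-interactive encryption to one pinned public key.
# All function names here are hypothetical; the caller supplies the fingerprint
# after checking it out of band.

# Normalise a fingerprint (strip spaces, upper-case) and require 40 hex digits.
normalize_fpr() {
    local fpr
    fpr=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    case "$fpr" in
        *[!0-9A-F]*|'') return 1 ;;
    esac
    [ "${#fpr}" -eq 40 ] || return 1
    printf '%s\n' "$fpr"
}

# Build the line that `gpg --import-ownertrust` reads; level 6 means ultimate.
ownertrust_line() {
    local fpr
    fpr=$(normalize_fpr "$1") || return 1
    printf '%s:6:\n' "$fpr"
}

# Succeed only if the keyring holds a primary key with exactly this fingerprint.
key_present() {
    local fpr
    fpr=$(normalize_fpr "$1") || return 1
    gpg --batch --with-colons --fingerprint "$fpr" 2>/dev/null |
        awk -F: -v want="$fpr" '$1 == "pub" {p = 1; next}
            $1 == "fpr" && p {if ($10 == want) found = 1; p = 0}
            END {exit !found}'
}

# Mark the pinned key ultimately trusted, then encrypt without any prompt.
# usage: encrypt_to_pinned_key FINGERPRINT INFILE OUTFILE
encrypt_to_pinned_key() {
    local fpr
    fpr=$(normalize_fpr "$1") || { echo "bad fingerprint" >&2; return 2; }
    key_present "$fpr" || { echo "key $fpr not in keyring" >&2; return 3; }
    ownertrust_line "$fpr" | gpg --batch --import-ownertrust || return 4
    gpg --batch --no-tty --yes --output "$3" --recipient "$fpr" --encrypt "$2"
}
```

A key with ultimate ownertrust also validates any key it has certified, so keep the script's keyring limited to the keys it needs.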