trusting an imported key which is the only key in a ring?
Robert Forsman
thoth@nile.purplefrog.com
Wed, 08 Mar 2000 17:01:24 -0500
I have a DSA key (beaver-alpha) I generated on one machine. I have
exported the public key and copied it to another machine and imported it as
the ONLY key in that user's keyring. I want to trust that key for --verify
operations. What gpg command do I use to mark that key as fully trusted?
I have managed to mark it as trusted by creating a DSA key (argh) and then
signing the beaver-alpha public key with argh. Then it is trusted. I can
subsequently delete key argh and beaver-alpha is still trusted. this is
what leads me to believe that I should be able to create trust without
having to create a local key (since I would have to do that on several
thousand machines).
See my problem in action:
[root@prestige1 gnupg-1.0.1]# gpg --import /home/hammor/key
gpg: key D1A2FFED: public key imported
gpg: Total number processed: 1
gpg: imported: 1
[root@prestige1 gnupg-1.0.1]# gpg --verify /home/hammor/test.tgz.gpg
gpg: Signature made Wed Mar 8 18:50:25 2000 GMT using DSA key ID D1A2FFED
gpg: Good signature from "Robert Forsman (Beaver Alpha) <thoth@incanta.net>"
Could not find a valid trust path to the key. Let's see whether we
can assign some missing owner trust values.
No path leading to one of our keys found.
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
gpg: Fingerprint: D6BE 16CC EAE6 8E9A 6989 3BF7 91AB 6807 D1A2 FFED