problem with unix user id and default key
Martin Blais
blais@iro.umontreal.ca
Mon Mar 18 04:12:02 2002
hi all
i have a funny problem: when my unix username matches one of the keys
in the public keyring, which is not the key for which i have a private
key, i seem to have problems with the trust path. it's as if gpg
always thinks that that key is the owner's key and barks every time i
need to encrypt, e.g.
my username is "blais".
when i create a db with a secret key for user your_name, e.g.
,----
| tadora:~$ gpg --list-keys
| /home/blais/.gnupg/pubring.gpg
| ------------------------------
| pub 1024D/5C3DC372 2002-03-17 Your Name <your_name@my.other.email.address.org>
| uid Your Name <your_name@your.email.address.com>
| sub 1024g/8D5850AB 2002-03-17
|
| tadora:~$
`----
then i import and sign the public key for user blais:
,----
| tadora:~$ gpg --import blais-public-key.asc
| gpg: key D1775F1D: public key imported
| gpg: Total number processed: 1
| gpg: imported: 1
| tadora:~$ gpg --sign-key blais
|
| pub 1024D/D1775F1D created: 2001-12-02 expires: never trust: m/q
| sub 1024g/4E26EFDC created: 2001-12-02 expires: never
| (1) Martin Blais <blais@iro.umontreal.ca>
| (2). Martin Blais <blais@discreet.com>
|
| Really sign all user IDs? y
|
| pub 1024D/D1775F1D created: 2001-12-02 expires: never trust: m/q
| Fingerprint: D33B E835 9B43 6D52 FE10 F47D AB63 E60B D177 5F1D
|
| Martin Blais <blais@iro.umontreal.ca>
| Martin Blais <blais@discreet.com>
|
| Are you really sure that you want to sign this key
| with your key: "Your Name <your_name@my.other.email.address.org>"
|
| Really sign? y
|
| You need a passphrase to unlock the secret key for
| user: "Your Name <your_name@my.other.email.address.org>"
| 1024-bit DSA key, ID 5C3DC372, created 2002-03-17
|
| tadora:~$ gpg --list-sigs
| /home/blais/.gnupg/pubring.gpg
| ------------------------------
| pub 1024D/5C3DC372 2002-03-17 Your Name <your_name@my.other.email.address.org>
| sig 5C3DC372 2002-03-18 Your Name <your_name@my.other.email.address.org>
| uid Your Name <your_name@your.email.address.com>
| sig 5C3DC372 2002-03-17 Your Name <your_name@my.other.email.address.org>
| sub 1024g/8D5850AB 2002-03-17
| sig 5C3DC372 2002-03-17 Your Name <your_name@my.other.email.address.org>
|
| pub 1024D/D1775F1D 2001-12-02 Martin Blais <blais@discreet.com>
| sig D1775F1D 2001-12-16 Martin Blais <blais@discreet.com>
| sig 20D44B70 2001-12-06 [User id not found]
| sig 01F8CF57 2002-03-08 [User id not found]
| sig 5C3DC372 2002-03-18 Your Name <your_name@my.other.email.address.org>
| uid Martin Blais <blais@iro.umontreal.ca>
| sig D1775F1D 2001-12-16 Martin Blais <blais@discreet.com>
| sig 20D44B70 2001-12-06 [User id not found]
| sig 01F8CF57 2002-03-08 [User id not found]
| sig 5C3DC372 2002-03-18 Your Name <your_name@my.other.email.address.org>
| sub 1024g/4E26EFDC 2001-12-02
| sig D1775F1D 2001-12-16 Martin Blais <blais@discreet.com>
|
| tadora:~$
`----
when i try to encrypt, i get this warning:
,----
| tadora:~$ gpg -aer blais secret
| Could not find a valid trust path to the key. Let's see whether we
| can assign some missing owner trust values.
|
| No path leading to one of our keys found.
|
| 1024g/4E26EFDC 2001-12-02 "Martin Blais <blais@discreet.com>"
| Fingerprint: 5407 1AE2 2EEE 02F5 5C82 5256 20A5 00CF 4E26 EFDC
|
| It is NOT certain that the key belongs to its owner.
| If you *really* know what you are doing, you may answer
| the next question with yes
|
| Use this key anyway?
`----
i tried fiddling with more signing, and setting the trust, to no
avail. then i discovered that if i did the same under user "root", i
did not have the warning.
so i tried setting the --local-user, the --default-key and fiddling
with all the other options and the options file, and i cannot seem to
get rid of that warning.
any idea?
please Cc, i'm not on this list.
thx,