encrypting files in a script

Dennis Lambe Jr. malsyned at uofr.net
Wed Apr 28 04:29:01 CEST 2004


On Tue, 2004-04-20 at 19:12, Atom 'Smasher' wrote:
> > How do I mark the key as trusted?  I still get "the
> > question" even after I do
> >
> > gpg --edit-key foo
> > trust
> > 4 ( = "I trust fully")
> > quit
> =================================

That's because you haven't signed the key.  GPG's "trust" is actually a
measure of how much you trust that key to sign other people's keys
responsibly.  What you're trying to do is assure GPG that the key really
does belong to the person it says it does, which is accomplished through
signing it (or trusting someone who signed it, thanks to the Web of
Trust).

> "full" trust isn't enough... you'll have to select:
> 	5 = I trust ultimately

This is not a good solution in this case.  I don't even think it will
solve the problem, and it's giving the key's owner a lot of credit that
you may not have good reason to give him or her.

> or use:
> 	--trust-model always

If your script is supposed to handle arbitrary keys gracefully, this is
probably the best way.  It ignores all issues of whether the key belongs
to the person it claims to, which is a security hazard in many
circumstances.  Can you give a little more information about what this
script does?

--D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 279 bytes
Desc: This is a digitally signed message part
Url : /pipermail/attachments/20040427/c01f5461/attachment.bin


More information about the Gnupg-users mailing list