I can't trust my own key?

extasia at extasia.org
Fri Jan 9 10:37:45 CET 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings!

I recently upgraded from 1.0.6 to 1.2.3 on a machine running:

  $ uname -a
  Linux somehost 2.4.17 #5 Wed Jun 12 10:40:57 EDT 2002 i686 unknown

When I run "--verify" on my own email, which I clearsign, I get
something like:

  gpg: Signature made Fri Jan  9 09:41:50 2004 PST using DSA key ID CFCEA5D0
  gpg: Good signature from "David <[current email addr]>"
  gpg:                 aka "David <[obsolete email address]>"
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 708D 7772 46D0 BA64 766C  4AE1 3E1D 0CF5 CFCE A5D0

I didn't get the "WARNING" before upgrading.

So I try to edit the key:

  $ gpg --edit-key cfcea5d0
  gpg (GnuPG) 1.2.3; Copyright (C) 2003 Free Software Foundation, Inc.
  This program comes with ABSOLUTELY NO WARRANTY.
  This is free software, and you are welcome to redistribute it
  under certain conditions. See the file COPYING for details.
  
  Secret key is available.
  
  pub  1024D/CFCEA5D0  created: 2001-07-07 expires: never      trust: -/-
  sub  1024g/[...]     created: 2001-07-07 expires: never     
  (1). David <[current email addr]>
  (2)  David <[obsolete email address]>
  
  Command> check
  uid  David <[current email addr]>
  sig!3       CFCEA5D0 2003-07-07   [self-signature]
  sig!3       B8FD3822 2003-04-16   [someone else's info]
  sig!3       CFCEA5D0 2003-02-01   [self-signature]
  sig!3       CFCEA5D0 2003-07-06   [self-signature]
  uid  David <[obsolete email address]>
  sig!3       CFCEA5D0 2003-07-07   [self-signature]
  sig!3     X 123EC631 2002-10-22   [someone else's info]
  sig!2     X BE42DCA6 2002-08-15   [someone else's info]
  sig!3     X B8FD3822 2002-12-05   [someone else's info]
  sig!3       CFCEA5D0 2001-07-07   [self-signature]
  sig!3       CFCEA5D0 2003-02-01   [self-signature]
  sig!3       CFCEA5D0 2003-07-06   [self-signature]
  4 signatures not checked due to missing keys

[it sure looks like I've signed my own key...  fine.  let's try again]
  
  Command> sign
  Really sign all user IDs? yes
  "David <[current email addr]>" was already signed by key CFCEA5D0
  "David <[current email addr]>" was already signed by key CFCEA5D0
  "David <[current email addr]>" was already signed by key CFCEA5D0
  "David <[obsolete email address]>" was already signed by key CFCEA5D0
  "David <[obsolete email address]>" was already signed by key CFCEA5D0
  "David <[obsolete email address]>" was already signed by key CFCEA5D0
  "David <[obsolete email address]>" was already signed by key CFCEA5D0
  Nothing to sign with key CFCEA5D0
  
  Command> quit

So how do I stop getting the "WARNING" when I "--verify"?

Thanks!
David
- -- 
Live in a world of your own, but always welcome visitors.
                                 ***
Cave fruticem.             http://extasia.org/cave-fruticem/
Come to sig-beer-west!     http://extasia.org/sig-beer-west/
Unix sysadmin available:   http://extasia.org/resume/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE//vTTPh0M9c/OpdARAv6bAKCpkltN1AAgaoXiK3wTwWG1a8qwOACfbUh+
Oo7Chy3MTZYX1KVDc796ALA=
=W/uR
-----END PGP SIGNATURE-----