...key belongs to ...

Daniel Eggleston eggled at gmail.com
Sun May 30 13:28:13 CEST 2010

On Sun, 30 May 2010 00:58:57 +0000 (UTC)
"Michael D. Berger" <m_d_berger_1900 at yahoo.com> wrote:

> On Sat, 29 May 2010 19:46:29 -0500, John Clizbe wrote:
> > Michael D. Berger wrote:
> >> On a Linux box, in encrypting a file with gpg, I get this query:
> >> 
> >>    It is NOT certain that the key belongs to the person named in
> >> the user ID.  If you *really* know what you are doing, you may
> >> answer the next question with yes.
> >> 
> >>    Use this key anyway? (y/N) n
> >> 
> >> Now in the context in which this is being used, there is no
> >> uncertainty regarding key ownership, and the encryption is part of
> >> a bash script. The query stops the script.
> >> 
> >> Therefore, how can I prevent this query?
> > 
> > The easiest is to either
> > 
> > a) (l)sign the key
> > 
> > or
> > 
> > b) add '--trust-model always' to the command line
> I went to the account in which the key pair was generated
> and tried to sign the key.  I got that the key is already
> signed.  Was there perhaps something in the export of
> the public key that might have gone wrong?  Or, perhaps,
> is there some other signing that is necessary?
> Thanks again.
> Mike.
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

You got that it's already signed because it's self signed. Your error
is akin to the message a web browser gives you when the site has a
self-signed certificate. There is no guarantee that the certificate
comes from the entity it says it does.  i.e. you have nothing but the
"word" of the certificate confirming its identity.

You need to go into the account performing the encryption, import the
public key in question if you haven't already, and sign it *there*.
Basically, confirming to gpg that you have independently verified this
key and know it to be valid.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: </pipermail/attachments/20100530/f2a7b417/attachment.pgp>

More information about the Gnupg-users mailing list