scripting gpg

David Shaw dshaw at jabberwocky.com
Thu May 5 02:13:25 CEST 2011


On May 4, 2011, at 7:01 PM, Jon Drukman wrote:

> I need to do the following:
> 
> - when a new machine is created, automatically import a public key and give it
> full trust
> 
> - be able to encrypt files with that public key without any interactive
> prompting (from a shell script/cron job)
> 
> in other words, a machine has to go from virgin state (OS + software only) to
> being able to encrypt and transmit encrypted files without any prompting or
> other user interaction.
> 
> I know about the 'trust' command but I don't see any non-interactive way to
> achieve that.  Alternatively, if the gpg binary would stop giving me the "It is
> NOT certain that the key belongs to the person named
> in the user ID.  If you *really* know what you are doing,
> you may answer the next question with yes." prompt that would be fine too.

You're looking for the "--trust-model always" option.  Add that to your options, and the trust model becomes "if it's on my keyring, it's fully trusted".  It's up to you to make sure that only keys that are fully trusted are on your keyring, of course. :)

David
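The approach in this reply, as an added example that is not part of the original post: import the key into a dedicated GnuPG home directory, confirm that the keyring holds exactly one expected primary key, and only then encrypt with `--trust-model always`. The function names, the home directory, and the expected fingerprint passed in are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Callers supply the key file,
# the expected fingerprint (obtained out of band) and a dedicated homedir.

# Read `gpg --with-colons` output on stdin and print one primary-key
# fingerprint per line: field 10 of the first "fpr" record after each "pub".
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if the keyring in $1 holds exactly one primary key whose
# fingerprint is $2. An empty keyring or any extra key fails the check.
keyring_matches() {
    kr_home=$1 kr_expected=$2
    kr_found=$(gpg --batch --homedir "$kr_home" --with-colons --fingerprint \
               | primary_fprs)
    [ "$kr_found" = "$kr_expected" ]
}

# Import key file $1 into homedir $3, then check the result against $2.
provision_key() {
    pk_file=$1 pk_expected=$2 pk_home=$3
    mkdir -p "$pk_home" && chmod 700 "$pk_home" || return 1
    gpg --batch --homedir "$pk_home" --import "$pk_file" || return 1
    keyring_matches "$pk_home" "$pk_expected" || {
        echo "keyring in $pk_home does not hold exactly $pk_expected" >&2
        return 1
    }
}

# Encrypt file $3 to fingerprint $2 without prompting. Because
# --trust-model always trusts every key on the keyring, the keyring is
# re-checked before each use.
encrypt_file() {
    ef_home=$1 ef_fpr=$2 ef_in=$3
    keyring_matches "$ef_home" "$ef_fpr" || return 1
    gpg --batch --yes --homedir "$ef_home" --trust-model always \
        --recipient "$ef_fpr" --output "$ef_in.gpg" --encrypt "$ef_in"
}
```

A provisioning script would call `provision_key` once when the machine is built, and the cron job would call `encrypt_file` with the same home directory and fingerprint.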



