encrypting to a user, "There is no assurance this key belongs to the named user"
mjt at tls.msk.ru
Fri Jun 21 12:34:08 CEST 2013
21.06.2013 14:22, Peter Lebbing wrote:
> On 21/06/13 12:00, Henry Hertz Hobbit wrote:
>> Who or what is "gconf"? If that is what is actually used then
>> it is neither an email address or the keyid.
> I don't think that's the problem, gpg is picking the key the OP wants, since it
> complains about key 468E35BC having insufficient validity.
> Michael, what does --edit-key rconf tell you about key validity?
It says "validity: unknown"
pub 1024R/DC42DA4C created: 2005-01-27 expires: never usage: SC
trust: undefined validity: unknown
sub 1024R/468E35BC created: 2005-01-27 expires: never usage: E
[ unknown] (1). rconf receiver <rconf at example.com>
That's why I tried to re-[l]sign it so that --list-sigs shows todays
signature, but it didn't help.
> I don't know what's happening here, it looks to me like you're doing it
> correctly and it ought to just work. I tried to reproduce on my Wheezy system
> and couldn't reproduce it. But maybe I'm missing some detail.
Well, an obvious detail is that these keys are rather old -- note the
date, it all has been created in 2005. Indeed, I can't reproduce this
on a fresh keyring either, -- maybe the key(s) are somehow broken?
(the files hasn't been changed since their creation in 2005, only
today I tried to re-sign it and changed). I have several other
keyrings like that which also stoped working after upgrading from
1.4.10 to 1.4.12.
> Do you have any fancy stuff in your gpg.conf? Define "fancy stuff" broadly ;).
> Anything you feel comfortable sharing might be useful to mention.
Well. For added fun, the complete command line also includes
--no-config, because it was intended to run by a robot in a
known-clean environment (just to be "extra-sure", so to say :).
And there's no config files in the gpg home directory, either:
-rw------- 1 root root 2375 Jun 21 09:46 pubring.gpg
-rw------- 1 root root 2375 Jun 21 09:46 pubring.gpg~
-rw------- 1 root root 600 Jun 21 12:16 random_seed
-rw------- 1 root root 1360 Jan 27 2005 secring.gpg
-rw------- 1 root root 1440 Jun 21 09:46 trustdb.gpg
Maybe I should just re-create the keys. However that will require
me to update the keyrings on many machines which are exchanging
stuff. Not a quick task, even if I wanted to do that for a while
More information about the Gnupg-users