gpg tells me a signature from my own key is a forgery.

Brian Minton brian at minton.systems
Fri Aug 30 18:41:48 CEST 2019


I am testing signing with multiple keys.  However, gpg tells me that my
own key is a forgery.  I know it is not a forgery because I didn't forge
it.  Is there a way to tell gpg that my own key is good?  I'm using
trust model tofu+pgp, and both of my keys are cross-signed and set to
ultimate trust.

Here's an example:

$ echo this message is signed|gpg --local-user 37B9507ACFF2016E! --local-user 6B8EB3A065CFBAA9! --local-user 04D3ED26E707AD0643EBA7EC44F35EDB355D526A --clearsign|gpg
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
this message is signed
gpg: Signature made Fri 30 Aug 2019 11:36:33 AM CDT
gpg:                using EDDSA key EED0158013DC2E6D6E001EA437B9507ACFF2016E
gpg:                issuer "brian at minton.systems"
gpg: Good signature from "Brian Minton <brian at minton.name>" [ultimate]
gpg:                 aka "keybase.io/bjmgeek <bjmgeek at keybase.io>" [ultimate]
gpg:                 aka "Brian Minton <bjmgeek at gmail.com>" [ultimate]
gpg:                 aka "Brian Minton <bminton at freeshell.de>" [ultimate]
gpg:                 aka "Brian Minton <bminton at freeshell.org>" [ultimate]
gpg:                 aka "Brian Minton <bminton at blinkenshell.org>" [ultimate]
gpg:                 aka "[jpeg image of size 5202]" [never]
gpg: WARNING: We do NOT trust this key!
gpg:          The signature is probably a FORGERY.
gpg: Signature made Fri 30 Aug 2019 11:36:33 AM CDT
gpg:                using DSA key F9C4BB760E783F0DEC10A68A6B8EB3A065CFBAA9
gpg:                issuer "brian at minton.systems"
gpg: Good signature from "Brian Minton <brian at minton.name>" [ultimate]
gpg:                 aka "keybase.io/bjmgeek <bjmgeek at keybase.io>" [ultimate]
gpg:                 aka "Brian Minton <bjmgeek at gmail.com>" [ultimate]
gpg:                 aka "Brian Minton <bminton at freeshell.de>" [ultimate]
gpg:                 aka "Brian Minton <bminton at freeshell.org>" [ultimate]
gpg:                 aka "Brian Minton <bminton at blinkenshell.org>" [ultimate]
gpg:                 aka "[jpeg image of size 5202]" [never]
gpg: WARNING: We do NOT trust this key!
gpg:          The signature is probably a FORGERY.
gpg: Signature made Fri 30 Aug 2019 11:36:33 AM CDT
gpg:                using EDDSA key 04D3ED26E707AD0643EBA7EC44F35EDB355D526A
gpg:                issuer "brian at minton.systems"
gpg: Good signature from "Brian Minton <brian at minton.systems>" [ultimate]

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190830/c8a64ab2/attachment.sig>


More information about the Gnupg-users mailing list