On Sunday 30 May 2010, Daniel Eggleston wrote: > On Sun, 30 May 2010 00:58:57 +0000 (UTC) > > "Michael D. Berger" <m_d_berger_1...@yahoo.com> wrote: > > On Sat, 29 May 2010 19:46:29 -0500, John Clizbe wrote: > > > Michael D. Berger wrote: > > >> On a Linux box, in encrypting a file with gpg, I get this query: > > >> It is NOT certain that the key belongs to the person named in > > >> > > >> the user ID. If you *really* know what you are doing, you may > > >> answer the next question with yes. > > >> > > >> Use this key anyway? (y/N) n > > >> > > >> Now in the context in which this is being used, there is no > > >> uncertainty regarding key ownership, and the encryption is part > > >> of a bash script. The query stops the script. > > >> > > >> Therefore, how can I prevent this query? > > > > > > The easiest is to either > > > > > > a) (l)sign the key > > > > > > or > > > > > > b) add '--trust-model always' to the command line > > > > I went to the account in which the key pair was generated > > and tried to sign the key. I got that the key is already > > signed. Was there perhaps something in the export of > > the public key that might have gone wrong? Or, perhaps, > > is there some other signing that is necessary? > > You got that it's already signed because it's self signed. Your error > is akin to the message a web browser gives you when the site has a > self-signed certificate. There is no guarantee that the certificate > comes from the entity it says it does. i.e. you have nothing but the > "word" of the certificate confirming its identity. > > You need to go into the account performing the encryption, import the > public key in question if you haven't already, and sign it *there*. > Basically, confirming to gpg that you have independently verified > this key and know it to be valid.
Since signing requires a private key on the encryption box it might be easier to set the (owner) trust of the public key to be used for encryption to ultimate. Regards, Ingo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
