Batch gpg encryption : prompt

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Apr 20 05:03:17 CEST 2011


On 04/19/2011 09:21 PM, Yard, John wrote:
> I am doing scripted/batch gpg encryption, and I am
> getting the following repeated prompts: 
> 
> It is NOT certain that the key belongs to the person named
> in the user ID.  If you *really* know what you are doing,
> you may answer the next question with yes.
> 
> Use this key anyway? (y/N) y
> 
> How do I eliminate these prompts? This script will be automatically run.

The right way to solve this problem is to instruct GPG that the key you
are encrypting to is in fact the key owned by the relevant party.  That
is, gpg wants to see full *validity* of at least one User ID on the key
in question.

If you're encrypting something to yourself, the simplest thing is to
mark your own key with "ultimate" ownertrust (which will have the side
effect of setting all User IDs on your key to full validity).

If you're encrypting to someone other than yourself, you should set your
own key to "ultimate" ownertrust, and then ensure that your key has
certified at least one User ID on the key in question.

You can adjust the ownertrust level of your key like this (replace
$MY_KEY with your own key or your user ID):

 gpg --edit-key "$MY_KEY" trust

When you've selected the correct value, enter "save" in the gpg prompt.

You can inspect the validity of the key you'll be encrypting to with
(replace $TARGET_KEY with the relevant key ID or a user ID you expect on
that key):

 gpg --list-options show-uid-validity --list-keys "$TARGET_KEY"

hope this helps,

	--dkg
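
An added example, not part of the original message: a pre-flight check a batch script could run so it fails loudly instead of prompting when the target key has no fully valid User ID. It reads the validity letter from field 2 of gpg's `--with-colons` listing; the function names `has_valid_uid` and `encrypt_checked` are hypothetical, and the sample listings are constructed.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads a `gpg --with-colons` key listing on stdin. Succeeds only if every
# listed key is usable (not invalid/expired/disabled/revoked) and carries at
# least one User ID with full (f) or ultimate (u) validity.
has_valid_uid() {
    awk -F: '
        function close_key() { if (seen && !(ok && !bad)) fail = 1 }
        $1 == "pub" { close_key(); seen = 1; ok = 0; bad = ($2 ~ /^[iedr]$/) }
        $1 == "uid" && $2 ~ /^[fu]$/ { ok = 1 }
        END { close_key(); exit ((seen && !fail) ? 0 : 1) }
    '
}

# Hypothetical wrapper for the batch job: check validity first, then encrypt
# without any interactive prompt. A missing key yields an empty listing,
# which has_valid_uid rejects.
encrypt_checked() {
    target=$1
    infile=$2
    if gpg --batch --with-colons --fixed-list-mode --list-keys "$target" \
        | has_valid_uid
    then
        gpg --batch --encrypt --recipient "$target" \
            --output "$infile.gpg" "$infile"
    else
        echo "refusing: no fully valid User ID on $target" >&2
        return 1
    fi
}

# Constructed sample listings (key IDs, dates and fingerprints are made up).
sample_full='pub:f:2048:1:1111111111111111:1300000000:::-:::scESC:
uid:f::::1300000000::0000000000000000000000000000000000000000::Alice Example <alice@example.org>:'

sample_unknown='pub:-:2048:1:2222222222222222:1300000000:::-:::scESC:
uid:-::::1300000000::0000000000000000000000000000000000000000::Bob Example <bob@example.org>:'

sample_expired='pub:e:2048:1:3333333333333333:1200000000:1250000000::-:::sc:
uid:e::::1200000000::0000000000000000000000000000000000000000::Carol Example <carol@example.org>:'
```

The `sample_unknown` case is the state that triggers the "Use this key anyway?" prompt quoted above.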
