encrypting to a user, "There is no assurance this key belongs to the named user"

Michael Tokarev mjt at tls.msk.ru
Fri Jun 21 12:34:08 CEST 2013


21.06.2013 14:22, Peter Lebbing wrote:
> On 21/06/13 12:00, Henry Hertz Hobbit wrote:
>> Who or what is "gconf"? If that is what is actually used then
>> it is neither an email address nor the keyid.
> 
> I don't think that's the problem, gpg is picking the key the OP wants, since it
> complains about key 468E35BC having insufficient validity.
> 
> Michael, what does --edit-key rconf tell you about key validity?

It says "validity: unknown"

pub  1024R/DC42DA4C  created: 2005-01-27  expires: never       usage: SC
                     trust: undefined     validity: unknown
sub  1024R/468E35BC  created: 2005-01-27  expires: never       usage: E
[ unknown] (1). rconf receiver <rconf at example.com>

That's why I tried to re-[l]sign it so that --list-sigs shows today's
signature, but it didn't help.

> I don't know what's happening here, it looks to me like you're doing it
> correctly and it ought to just work. I tried to reproduce on my Wheezy system
> and couldn't reproduce it. But maybe I'm missing some detail.

Well, an obvious detail is that these keys are rather old -- note the
date, it all has been created in 2005.  Indeed, I can't reproduce this
on a fresh keyring either, -- maybe the key(s) are somehow broken?
(the files haven't been changed since their creation in 2005, only
today I tried to re-sign it and changed).  I have several other
keyrings like that which also stopped working after upgrading from
1.4.10 to 1.4.12.

> Do you have any fancy stuff in your gpg.conf? Define "fancy stuff" broadly ;).
> Anything you feel comfortable sharing might be useful to mention.

Well.  For added fun, the complete command line also includes
--no-config, because it was intended to be run by a robot in a
known-clean environment (just to be "extra-sure", so to say :).
And there are no config files in the gpg home directory, either:

-rw------- 1 root root 2375 Jun 21 09:46 pubring.gpg
-rw------- 1 root root 2375 Jun 21 09:46 pubring.gpg~
-rw------- 1 root root  600 Jun 21 12:16 random_seed
-rw------- 1 root root 1360 Jan 27  2005 secring.gpg
-rw------- 1 root root 1440 Jun 21 09:46 trustdb.gpg

Maybe I should just re-create the keys.  However that will require
me to update the keyrings on many machines which are exchanging
stuff.  Not a quick task, even if I wanted to do that for a while
already :)

Thank you!

/mjt
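
As an added example (not part of the original message, and not GnuPG's own code): a pre-flight check an unattended job could run before encrypting, reading the validity field from `gpg --with-colons --list-keys` output. The sample listing is constructed, its key IDs are zero-padded placeholders, and accepting only full or ultimate validity is a policy assumption of this example.

```shell
#!/bin/sh
# Added example: check recipient key validity before an unattended encryption.
# Input on stdin: output of `gpg --with-colons --list-keys <recipient>`.

# Constructed sample listing; field 2 "-" means validity unknown.
# Key IDs are zero-padded placeholders built from the short IDs in the message.
sample_listing() {
    cat <<'EOF'
pub:-:1024:1:00000000DC42DA4C:2005-01-27:::-:rconf receiver <rconf@example.com>::scSC:
sub:-:1024:1:00000000468E35BC:2005-01-27::::::e:
EOF
}

# Print the validity letter (field 2) of the first pub record.
key_validity() {
    awk -F: '$1 == "pub" { print ($2 == "" ? "-" : $2); exit }'
}

# Translate a validity letter from the colon listing into a word.
validity_name() {
    case "$1" in
        u) echo ultimate ;;
        f) echo full ;;
        m) echo marginal ;;
        n) echo never ;;
        q) echo undefined ;;
        e) echo expired ;;
        r) echo revoked ;;
        d) echo disabled ;;
        i) echo invalid ;;
        o|-|"") echo unknown ;;
        *) echo unrecognised ;;
    esac
}

# Succeed only for full or ultimate validity (policy assumption of this
# example); otherwise explain on stderr and fail so the job can stop early.
recipient_usable() {
    v=$(key_validity)
    case "$v" in
        f|u) return 0 ;;
    esac
    echo "recipient key validity is $(validity_name "$v"); not encrypting" >&2
    return 1
}

# Usage: gpg --with-colons --list-keys rconf | recipient_usable || exit 1
```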


