Unable to edit the trust using gpg and a command file











up vote
0
down vote

favorite












I am trying to write a plugin to my build tool which wraps GnuPG.



I have managed to do everything so far but the one thing I am stuck on is how to trust a newly added key without affecting the trust of existing keys.



If I first list the keys:



root@7353afd2c546:/# gpg --with-keygrip --with-secret --batch --with-colons --status-fd 1 --list-keys

tru::1:1542186184:0:3:1:5

pub:-:4096:1:B6A8B64B909CAF2F:1541574504:::-:::scESC:::#:::23::0:

fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:

grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:

uid:-::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:

sub:-:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:

fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:

grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:


We see that there is no value for the validity.



Now I have a command file:



root@7353afd2c546:/# cat /root/.gnupg/commands

trust

5

save


And when I run:



root@7353afd2c546:/# gpg --batch --yes --status-fd 1 --command-file /root/.gnupg/commands --edit-key DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F

[GNUPG:] KEY_CONSIDERED DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F 0

Secret subkeys are available.





pub:-:4096:1:B6A8B64B909CAF2F:1541574504:0::-:::sc

fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:

ssb:-:4096:1:0E839DDD93691327:1541574504:0:::::e

fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:

uid:-::::::::Testy <test@example.com>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::

[GNUPG:] GET_LINE keyedit.prompt

[GNUPG:] GOT_IT



Please decide how far you trust this user to correctly verify other users' keys

(by looking at passports, checking fingerprints from different sources, etc.)



  1 = I don't know or won't say

  2 = I do NOT trust

  3 = I trust marginally

  4 = I trust fully

  5 = I trust ultimately

  m = back to the main menu



pub:-:4096:1:B6A8B64B909CAF2F:1541574504:0::-:::sc

fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:

ssb:-:4096:1:0E839DDD93691327:1541574504:0:::::e

fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:

uid:-::::::::Testy <test@example.com>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::

[GNUPG:] GET_LINE edit_ownertrust.value

[GNUPG:] GOT_IT

[GNUPG:] GET_LINE edit_ownertrust.value

[GNUPG:] GOT_IT



[GNUPG:] GET_LINE keyedit.prompt

[GNUPG:] GOT_IT


We see here that looks as though it successfully read the input from the file. However when I list the keys again the validity has not changed.



Yet if I edit the key manually:



root@7353afd2c546:/# gpg --edit-key DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F

gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.



Secret subkeys are available.



pub  rsa4096/B6A8B64B909CAF2F

     created: 2018-11-07  expires: never       usage: SC

     trust: never         validity: unknown

ssb  rsa4096/0E839DDD93691327

     created: 2018-11-07  expires: never       usage: E

[ unknown] (1). Testy <test@example.com>



gpg> trust

pub  rsa4096/B6A8B64B909CAF2F

     created: 2018-11-07  expires: never       usage: SC

     trust: never         validity: unknown

ssb  rsa4096/0E839DDD93691327

     created: 2018-11-07  expires: never       usage: E

[ unknown] (1). Testy <test@example.com>



Please decide how far you trust this user to correctly verify other users' keys

(by looking at passports, checking fingerprints from different sources, etc.)



  1 = I don't know or won't say

  2 = I do NOT trust

  3 = I trust marginally

  4 = I trust fully

  5 = I trust ultimately

  m = back to the main menu



Your decision? 5

Do you really want to set this key to ultimate trust? (y/N) y



pub  rsa4096/B6A8B64B909CAF2F

     created: 2018-11-07  expires: never       usage: SC

     trust: ultimate      validity: unknown

ssb  rsa4096/0E839DDD93691327

     created: 2018-11-07  expires: never       usage: E

[ unknown] (1). Testy <test@example.com>

Please note that the shown key validity is not necessarily correct

unless you restart the program.



gpg> save

Key not changed so no update needed.


Then it works:



root@7353afd2c546:/# gpg --with-keygrip --with-secret --batch --with-colons --status-fd 1 --list-keys

gpg: checking the trustdb

tru:o:1:1542190815:1:3:1:5

[GNUPG:] KEY_CONSIDERED DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F 0

gpg: marginals needed: 3  completes needed: 1  trust model: pgp

gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u

pub:u:4096:1:B6A8B64B909CAF2F:1541574504:::u:::scESC:::#:::23::0:

fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:

grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:

uid:u::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:

sub:u:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:

fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:

grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:


Why doesn't this work?






gnupg







share|improve this question









New contributor




Steiny is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
























    up vote
    0
    down vote

    favorite












    I am trying to write a plugin to my build tool which wraps GnuPG.



    I have managed to do everything so far but the one thing I am stuck on is how to trust a newly added key without affecting the trust of existing keys.



    If I first list the keys:



    root@7353afd2c546:/# gpg --with-keygrip --with-secret --batch --with-colons --status-fd 1 --list-keys
    
tru::1:1542186184:0:3:1:5
    
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:::-:::scESC:::#:::23::0:
    
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
    
grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:
    
uid:-::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:
    
sub:-:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:
    
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
    
grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:


    We see that there is no value for the validity.



    Now I have a command file:



    root@7353afd2c546:/# cat /root/.gnupg/commands
    
trust
    
5
    
save


    And when I run:



    root@7353afd2c546:/# gpg --batch --yes --status-fd 1 --command-file /root/.gnupg/commands --edit-key DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F
    
[GNUPG:] KEY_CONSIDERED DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F 0
    
Secret subkeys are available.
    

    

    
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:0::-:::sc
    
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
    
ssb:-:4096:1:0E839DDD93691327:1541574504:0:::::e
    
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
    
uid:-::::::::Testy <test@example.com>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::
    
[GNUPG:] GET_LINE keyedit.prompt
    
[GNUPG:] GOT_IT
    

    
Please decide how far you trust this user to correctly verify other users' keys
    
(by looking at passports, checking fingerprints from different sources, etc.)
    

    
  1 = I don't know or won't say
    
  2 = I do NOT trust
    
  3 = I trust marginally
    
  4 = I trust fully
    
  5 = I trust ultimately
    
  m = back to the main menu
    

    
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:0::-:::sc
    
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
    
ssb:-:4096:1:0E839DDD93691327:1541574504:0:::::e
    
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
    
uid:-::::::::Testy <test@example.com>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::
    
[GNUPG:] GET_LINE edit_ownertrust.value
    
[GNUPG:] GOT_IT
    
[GNUPG:] GET_LINE edit_ownertrust.value
    
[GNUPG:] GOT_IT
    

    
[GNUPG:] GET_LINE keyedit.prompt
    
[GNUPG:] GOT_IT


    We see here that looks as though it successfully read the input from the file. However when I list the keys again the validity has not changed.



    Yet if I edit the key manually:



    root@7353afd2c546:/# gpg --edit-key DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F
    
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
    
This is free software: you are free to change and redistribute it.
    
There is NO WARRANTY, to the extent permitted by law.
    

    
Secret subkeys are available.
    

    
pub  rsa4096/B6A8B64B909CAF2F
    
     created: 2018-11-07  expires: never       usage: SC
    
     trust: never         validity: unknown
    
ssb  rsa4096/0E839DDD93691327
    
     created: 2018-11-07  expires: never       usage: E
    
[ unknown] (1). Testy <test@example.com>
    

    
gpg> trust
    
pub  rsa4096/B6A8B64B909CAF2F
    
     created: 2018-11-07  expires: never       usage: SC
    
     trust: never         validity: unknown
    
ssb  rsa4096/0E839DDD93691327
    
     created: 2018-11-07  expires: never       usage: E
    
[ unknown] (1). Testy <test@example.com>
    

    
Please decide how far you trust this user to correctly verify other users' keys
    
(by looking at passports, checking fingerprints from different sources, etc.)
    

    
  1 = I don't know or won't say
    
  2 = I do NOT trust
    
  3 = I trust marginally
    
  4 = I trust fully
    
  5 = I trust ultimately
    
  m = back to the main menu
    

    
Your decision? 5
    
Do you really want to set this key to ultimate trust? (y/N) y
    

    
pub  rsa4096/B6A8B64B909CAF2F
    
     created: 2018-11-07  expires: never       usage: SC
    
     trust: ultimate      validity: unknown
    
ssb  rsa4096/0E839DDD93691327
    
     created: 2018-11-07  expires: never       usage: E
    
[ unknown] (1). Testy <test@example.com>
    
Please note that the shown key validity is not necessarily correct
    
unless you restart the program.
    

    
gpg> save
    
Key not changed so no update needed.


    Then it works:



    root@7353afd2c546:/# gpg --with-keygrip --with-secret --batch --with-colons --status-fd 1 --list-keys
    
gpg: checking the trustdb
    
tru:o:1:1542190815:1:3:1:5
    
[GNUPG:] KEY_CONSIDERED DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F 0
    
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
    
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
    
pub:u:4096:1:B6A8B64B909CAF2F:1541574504:::u:::scESC:::#:::23::0:
    
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
    
grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:
    
uid:u::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:
    
sub:u:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:
    
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
    
grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:


    Why doesn't this work?






    gnupg







    share|improve this question









    New contributor




    Steiny is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.






















      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      I am trying to write a plugin to my build tool which wraps GnuPG.



      I have managed to do everything so far but the one thing I am stuck on is how to trust a newly added key without affecting the trust of existing keys.



      If I first list the keys:



      root@7353afd2c546:/# gpg --with-keygrip --with-secret --batch --with-colons --status-fd 1 --list-keys
      
tru::1:1542186184:0:3:1:5
      
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:::-:::scESC:::#:::23::0:
      
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
      
grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:
      
uid:-::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:
      
sub:-:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:
      
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
      
grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:


      We see that there is no value for the validity.



      Now I have a command file:



      root@7353afd2c546:/# cat /root/.gnupg/commands
      
trust
      
5
      
save


      And when I run:



      root@7353afd2c546:/# gpg --batch --yes --status-fd 1 --command-file /root/.gnupg/commands --edit-key DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F
      
[GNUPG:] KEY_CONSIDERED DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F 0
      
Secret subkeys are available.
      

      

      
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:0::-:::sc
      
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
      
ssb:-:4096:1:0E839DDD93691327:1541574504:0:::::e
      
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
      
uid:-::::::::Testy <test@example.com>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::
      
[GNUPG:] GET_LINE keyedit.prompt
      
[GNUPG:] GOT_IT
      

      
Please decide how far you trust this user to correctly verify other users' keys
      
(by looking at passports, checking fingerprints from different sources, etc.)
      

      
  1 = I don't know or won't say
      
  2 = I do NOT trust
      
  3 = I trust marginally
      
  4 = I trust fully
      
  5 = I trust ultimately
      
  m = back to the main menu
      

      
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:0::-:::sc
      
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
      
ssb:-:4096:1:0E839DDD93691327:1541574504:0:::::e
      
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
      
uid:-::::::::Testy <test@example.com>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::
      
[GNUPG:] GET_LINE edit_ownertrust.value
      
[GNUPG:] GOT_IT
      
[GNUPG:] GET_LINE edit_ownertrust.value
      
[GNUPG:] GOT_IT
      

      
[GNUPG:] GET_LINE keyedit.prompt
      
[GNUPG:] GOT_IT


      We see here that looks as though it successfully read the input from the file. However when I list the keys again the validity has not changed.



      Yet if I edit the key manually:



      root@7353afd2c546:/# gpg --edit-key DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F
      
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
      
This is free software: you are free to change and redistribute it.
      
There is NO WARRANTY, to the extent permitted by law.
      

      
Secret subkeys are available.
      

      
pub  rsa4096/B6A8B64B909CAF2F
      
     created: 2018-11-07  expires: never       usage: SC
      
     trust: never         validity: unknown
      
ssb  rsa4096/0E839DDD93691327
      
     created: 2018-11-07  expires: never       usage: E
      
[ unknown] (1). Testy <test@example.com>
      

      
gpg> trust
      
pub  rsa4096/B6A8B64B909CAF2F
      
     created: 2018-11-07  expires: never       usage: SC
      
     trust: never         validity: unknown
      
ssb  rsa4096/0E839DDD93691327
      
     created: 2018-11-07  expires: never       usage: E
      
[ unknown] (1). Testy <test@example.com>
      

      
Please decide how far you trust this user to correctly verify other users' keys
      
(by looking at passports, checking fingerprints from different sources, etc.)
      

      
  1 = I don't know or won't say
      
  2 = I do NOT trust
      
  3 = I trust marginally
      
  4 = I trust fully
      
  5 = I trust ultimately
      
  m = back to the main menu
      

      
Your decision? 5
      
Do you really want to set this key to ultimate trust? (y/N) y
      

      
pub  rsa4096/B6A8B64B909CAF2F
      
     created: 2018-11-07  expires: never       usage: SC
      
     trust: ultimate      validity: unknown
      
ssb  rsa4096/0E839DDD93691327
      
     created: 2018-11-07  expires: never       usage: E
      
[ unknown] (1). Testy <test@example.com>
      
Please note that the shown key validity is not necessarily correct
      
unless you restart the program.
      

      
gpg> save
      
Key not changed so no update needed.


      Then it works:



      root@7353afd2c546:/# gpg --with-keygrip --with-secret --batch --with-colons --status-fd 1 --list-keys
      
gpg: checking the trustdb
      
tru:o:1:1542190815:1:3:1:5
      
[GNUPG:] KEY_CONSIDERED DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F 0
      
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
      
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
      
pub:u:4096:1:B6A8B64B909CAF2F:1541574504:::u:::scESC:::#:::23::0:
      
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
      
grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:
      
uid:u::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:
      
sub:u:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:
      
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
      
grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:


      Why doesn't this work?






      gnupg







      share|improve this question









      New contributor




      Steiny is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      I am trying to write a plugin to my build tool which wraps GnuPG.



      I have managed to do everything so far but the one thing I am stuck on is how to trust a newly added key without affecting the trust of existing keys.



      If I first list the keys:



      root@7353afd2c546:/# gpg --with-keygrip --with-secret --batch --with-colons --status-fd 1 --list-keys
      
tru::1:1542186184:0:3:1:5
      
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:::-:::scESC:::#:::23::0:
      
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
      
grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:
      
uid:-::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:
      
sub:-:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:
      
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
      
grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:


      We see that there is no value for the validity.



      Now I have a command file:



      root@7353afd2c546:/# cat /root/.gnupg/commands
      
trust
      
5
      
save


      And when I run:



      root@7353afd2c546:/# gpg --batch --yes --status-fd 1 --command-file /root/.gnupg/commands --edit-key DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F
      
[GNUPG:] KEY_CONSIDERED DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F 0
      
Secret subkeys are available.
      

      

      
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:0::-:::sc
      
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
      
ssb:-:4096:1:0E839DDD93691327:1541574504:0:::::e
      
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
      
uid:-::::::::Testy <test@example.com>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::
      
[GNUPG:] GET_LINE keyedit.prompt
      
[GNUPG:] GOT_IT
      

      
Please decide how far you trust this user to correctly verify other users' keys
      
(by looking at passports, checking fingerprints from different sources, etc.)
      

      
  1 = I don't know or won't say
      
  2 = I do NOT trust
      
  3 = I trust marginally
      
  4 = I trust fully
      
  5 = I trust ultimately
      
  m = back to the main menu
      

      
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:0::-:::sc
      
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
      
ssb:-:4096:1:0E839DDD93691327:1541574504:0:::::e
      
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
      
uid:-::::::::Testy <test@example.com>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::
      
[GNUPG:] GET_LINE edit_ownertrust.value
      
[GNUPG:] GOT_IT
      
[GNUPG:] GET_LINE edit_ownertrust.value
      
[GNUPG:] GOT_IT
      

      
[GNUPG:] GET_LINE keyedit.prompt
      
[GNUPG:] GOT_IT


      We see here that looks as though it successfully read the input from the file. However when I list the keys again the validity has not changed.



      Yet if I edit the key manually:



      root@7353afd2c546:/# gpg --edit-key DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F
      
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
      
This is free software: you are free to change and redistribute it.
      
There is NO WARRANTY, to the extent permitted by law.
      

      
Secret subkeys are available.
      

      
pub  rsa4096/B6A8B64B909CAF2F
      
     created: 2018-11-07  expires: never       usage: SC
      
     trust: never         validity: unknown
      
ssb  rsa4096/0E839DDD93691327
      
     created: 2018-11-07  expires: never       usage: E
      
[ unknown] (1). Testy <test@example.com>
      

      
gpg> trust
      
pub  rsa4096/B6A8B64B909CAF2F
      
     created: 2018-11-07  expires: never       usage: SC
      
     trust: never         validity: unknown
      
ssb  rsa4096/0E839DDD93691327
      
     created: 2018-11-07  expires: never       usage: E
      
[ unknown] (1). Testy <test@example.com>
      

      
Please decide how far you trust this user to correctly verify other users' keys
      
(by looking at passports, checking fingerprints from different sources, etc.)
      

      
  1 = I don't know or won't say
      
  2 = I do NOT trust
      
  3 = I trust marginally
      
  4 = I trust fully
      
  5 = I trust ultimately
      
  m = back to the main menu
      

      
Your decision? 5
      
Do you really want to set this key to ultimate trust? (y/N) y
      

      
pub  rsa4096/B6A8B64B909CAF2F
      
     created: 2018-11-07  expires: never       usage: SC
      
     trust: ultimate      validity: unknown
      
ssb  rsa4096/0E839DDD93691327
      
     created: 2018-11-07  expires: never       usage: E
      
[ unknown] (1). Testy <test@example.com>
      
Please note that the shown key validity is not necessarily correct
      
unless you restart the program.
      

      
gpg> save
      
Key not changed so no update needed.


      Then it works:



      root@7353afd2c546:/# gpg --with-keygrip --with-secret --batch --with-colons --status-fd 1 --list-keys
      
gpg: checking the trustdb
      
tru:o:1:1542190815:1:3:1:5
      
[GNUPG:] KEY_CONSIDERED DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F 0
      
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
      
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
      
pub:u:4096:1:B6A8B64B909CAF2F:1541574504:::u:::scESC:::#:::23::0:
      
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
      
grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:
      
uid:u::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:
      
sub:u:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:
      
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
      
grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:


      Why doesn't this work?






      gnupg




      gnupg






      share|improve this question









      New contributor




      Steiny is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question









      New contributor




      Steiny is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question








      edited Nov 15 at 20:09





















      New contributor




      Steiny is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked Nov 14 at 10:24









      Steiny

      1014




      1014




      New contributor




      Steiny is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      Steiny is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      Steiny is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote













          Your command file has trust 5 in a single line, even though the trust command does not accept parameters. Instead it shows a separate prompt for the menu selection, which means the response should be in a separate line as well. Each prompt needs its own line in the command-file.



          So the trust is not updated because GnuPG receives the word save when it needs a number.



          A faster way to set ownertrust is:



          echo "DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:6:" | gpg --import-ownertrust


          (The 6 is not a typo – it is the internal trust value, not the menu item number.)






          share|improve this answer





















          • Having them on separate lines makes no difference. I tried them on separate lines first. Doesn't --import-ownertrust overwrite the existing trust database? I only want to modify the trust for a single key and not touch the trust for the others.
            – Steiny
            Nov 15 at 19:59












          • I have updated the example with the parameters on separate lines.
            – Steiny
            Nov 15 at 20:12











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });






          Steiny is a new contributor. Be nice, and check out our Code of Conduct.










           

          draft saved


          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1375264%2funable-to-edit-the-trust-using-gpg-and-a-command-file%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          0
          down vote













          Your command file has trust 5 in a single line, even though the trust command does not accept parameters. Instead it shows a separate prompt for the menu selection, which means the response should be in a separate line as well. Each prompt needs its own line in the command-file.



          So the trust is not updated because GnuPG receives the word save when it needs a number.



          A faster way to set ownertrust is:



          echo "DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:6:" | gpg --import-ownertrust


          (The 6 is not a typo – it is the internal trust value, not the menu item number.)






          share|improve this answer





















          • Having them on separate lines makes no difference. I tried them on separate lines first. Doesn't --import-ownertrust overwrite the existing trust database? I only want to modify the trust for a single key and not touch the trust for the others.
            – Steiny
            Nov 15 at 19:59












          • I have updated the example with the parameters on separate lines.
            – Steiny
            Nov 15 at 20:12















          up vote
          0
          down vote













          Your command file has trust 5 in a single line, even though the trust command does not accept parameters. Instead it shows a separate prompt for the menu selection, which means the response should be in a separate line as well. Each prompt needs its own line in the command-file.



          So the trust is not updated because GnuPG receives the word save when it needs a number.



          A faster way to set ownertrust is:



          echo "DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:6:" | gpg --import-ownertrust


          (The 6 is not a typo – it is the internal trust value, not the menu item number.)






          share|improve this answer





















          • Having them on separate lines makes no difference. I tried them on separate lines first. Doesn't --import-ownertrust overwrite the existing trust database? I only want to modify the trust for a single key and not touch the trust for the others.
            – Steiny
            Nov 15 at 19:59












          • I have updated the example with the parameters on separate lines.
            – Steiny
            Nov 15 at 20:12













          up vote
          0
          down vote










          up vote
          0
          down vote









          Your command file has trust 5 in a single line, even though the trust command does not accept parameters. Instead it shows a separate prompt for the menu selection, which means the response should be in a separate line as well. Each prompt needs its own line in the command-file.



          So the trust is not updated because GnuPG receives the word save when it needs a number.



          A faster way to set ownertrust is:



          echo "DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:6:" | gpg --import-ownertrust


          (The 6 is not a typo – it is the internal trust value, not the menu item number.)






          share|improve this answer












          Your command file has trust 5 in a single line, even though the trust command does not accept parameters. Instead it shows a separate prompt for the menu selection, which means the response should be in a separate line as well. Each prompt needs its own line in the command-file.



          So the trust is not updated because GnuPG receives the word save when it needs a number.



          A faster way to set ownertrust is:



          echo "DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:6:" | gpg --import-ownertrust


          (The 6 is not a typo – it is the internal trust value, not the menu item number.)







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 14 at 12:50









          grawity

          227k35475537




          227k35475537












          • Having them on separate lines makes no difference. I tried them on separate lines first. Doesn't --import-ownertrust overwrite the existing trust database? I only want to modify the trust for a single key and not touch the trust for the others.
            – Steiny
            Nov 15 at 19:59












          • I have updated the example with the parameters on separate lines.
            – Steiny
            Nov 15 at 20:12


















          • Having them on separate lines makes no difference. I tried them on separate lines first. Doesn't --import-ownertrust overwrite the existing trust database? I only want to modify the trust for a single key and not touch the trust for the others.
            – Steiny
            Nov 15 at 19:59












          • I have updated the example with the parameters on separate lines.
            – Steiny
            Nov 15 at 20:12
















          Having them on separate lines makes no difference. I tried them on separate lines first. Doesn't --import-ownertrust overwrite the existing trust database? I only want to modify the trust for a single key and not touch the trust for the others.
          – Steiny
          Nov 15 at 19:59






          Having them on separate lines makes no difference. I tried them on separate lines first. Doesn't --import-ownertrust overwrite the existing trust database? I only want to modify the trust for a single key and not touch the trust for the others.
          – Steiny
          Nov 15 at 19:59














          I have updated the example with the parameters on separate lines.
          – Steiny
          Nov 15 at 20:12




          I have updated the example with the parameters on separate lines.
          – Steiny
          Nov 15 at 20:12










          Steiny is a new contributor. Be nice, and check out our Code of Conduct.










           

          draft saved


          draft discarded


















          Steiny is a new contributor. Be nice, and check out our Code of Conduct.













          Steiny is a new contributor. Be nice, and check out our Code of Conduct.












          Steiny is a new contributor. Be nice, and check out our Code of Conduct.















           


          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1375264%2funable-to-edit-the-trust-using-gpg-and-a-command-file%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Plaza Victoria

          Image
          Plaza Victoria Plaza Victoria en 2017 Otros nombres Plaza de La Victoria Localización El Almendral, Valparaíso, Chile Vías adyacentes Chacabuco, Molina, Plaza Victoria y Edwards Creación 1841 Metro Bellavista Ubicación 33°02′46″S 71°37′11″O  /  -33.04624167, -71.61980833 Coordenadas: 33°02′46″S 71°37′11″O  /  -33.04624167, -71.61980833 [editar datos en Wikidata] La Plaza Victoria , también llamada Plaza de la Victoria , [ 1 ] ​ es una plaza ubicada en el sector El Almendral del plan de la ciudad de Valparaíso, Chile, de importancia patrimonial, que incluye valiosas estatuas y especies vegetales. [ 2 ] ​ La plaza se creó como tal en la primera mitad del siglo XIX, tomando previamente los nombres de Plaza Nueva y Plaza de Orrego . Si bien desde sus inicios tuvo relevancia histórica, no fue sino a partir de fines de los años 1860 cuando comenzó a cobrar mayor importancia y se convirtió en uno de los principales centros sociales de l
          Read more

          In PowerPoint, is there a keyboard shortcut for bulleted / numbered list?

          Image
          .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 2 OneNote has two useful keyboard shortcuts for bulleted and numbered lists, namely Ctrl + . and Ctrl + - . Is there something similar for PowerPoint where the work with lists is also very common? Haven't found anything here: Use keyboard shortcuts in PowerPoint. keyboard-shortcuts microsoft-powerpoint share | improve this question edited Aug 14 '14 at 14:49 Linger 2,826 10 28 40
          Read more

          How to put 3 figures in Latex with 2 figures side by side and 1 below these side by side images but in...

          Image
          1 0 I want to put 3 images in LateX such as 2 figures are side by side horizotally and 3rd figure below these 2 side by side figures but in middle. I have following code: begin{figure}[H] centering begin{minipage}{.5textwidth} centering includegraphics[width=.50linewidth]{Text/Images/Genelec_8010_AP.jpg} captionof{figure}{Genelec 8010 AP} label{fig:Genelec 8010} end{minipage}% begin{minipage}{.5textwidth} centering includegraphics[width=.69linewidth]{Text/Images/Genelec_8020_CPM.jpg} captionof{figure}{Genelec 8020 CPM} label{fig:Genelec 8020} end{minipage}% end{figure} %%Here is my 3rd picture code begin{figure} centering includegraphics[width=5cm]{Text/Images/Genelec_8030_BPM.jpg} caption{Genelec 8030 BPM} label{fig:Genelec 8030} end{figure} I want to ask ho
          Read more