Unable to edit the trust using gpg and a command file
up vote
0
down vote
favorite
I am trying to write a plugin to my build tool which wraps GnuPG.
I have managed to do everything so far but the one thing I am stuck on is how to trust a newly added key without affecting the trust of existing keys.
If I first list the keys:
root@7353afd2c546:/# gpg --with-keygrip --with-secret --batch --with-colons --status-fd 1 --list-keys
tru::1:1542186184:0:3:1:5
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:::-:::scESC:::#:::23::0:
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:
uid:-::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:
sub:-:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:
We see that there is no value for the validity.
Now I have a command file:
root@7353afd2c546:/# cat /root/.gnupg/commands
trust
5
save
And when I run:
root@7353afd2c546:/# gpg --batch --yes --status-fd 1 --command-file /root/.gnupg/commands --edit-key DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F
[GNUPG:] KEY_CONSIDERED DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F 0
Secret subkeys are available.
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:0::-:::sc
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
ssb:-:4096:1:0E839DDD93691327:1541574504:0:::::e
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
uid:-::::::::Testy <test@example.com>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::
[GNUPG:] GET_LINE keyedit.prompt
[GNUPG:] GOT_IT
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:0::-:::sc
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
ssb:-:4096:1:0E839DDD93691327:1541574504:0:::::e
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
uid:-::::::::Testy <test@example.com>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::
[GNUPG:] GET_LINE edit_ownertrust.value
[GNUPG:] GOT_IT
[GNUPG:] GET_LINE edit_ownertrust.value
[GNUPG:] GOT_IT
[GNUPG:] GET_LINE keyedit.prompt
[GNUPG:] GOT_IT
We see here that looks as though it successfully read the input from the file. However when I list the keys again the validity has not changed.
Yet if I edit the key manually:
root@7353afd2c546:/# gpg --edit-key DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret subkeys are available.
pub rsa4096/B6A8B64B909CAF2F
created: 2018-11-07 expires: never usage: SC
trust: never validity: unknown
ssb rsa4096/0E839DDD93691327
created: 2018-11-07 expires: never usage: E
[ unknown] (1). Testy <test@example.com>
gpg> trust
pub rsa4096/B6A8B64B909CAF2F
created: 2018-11-07 expires: never usage: SC
trust: never validity: unknown
ssb rsa4096/0E839DDD93691327
created: 2018-11-07 expires: never usage: E
[ unknown] (1). Testy <test@example.com>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
pub rsa4096/B6A8B64B909CAF2F
created: 2018-11-07 expires: never usage: SC
trust: ultimate validity: unknown
ssb rsa4096/0E839DDD93691327
created: 2018-11-07 expires: never usage: E
[ unknown] (1). Testy <test@example.com>
Please note that the shown key validity is not necessarily correct
unless you restart the program.
gpg> save
Key not changed so no update needed.
Then it works:
root@7353afd2c546:/# gpg --with-keygrip --with-secret --batch --with-colons --status-fd 1 --list-keys
gpg: checking the trustdb
tru:o:1:1542190815:1:3:1:5
[GNUPG:] KEY_CONSIDERED DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F 0
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub:u:4096:1:B6A8B64B909CAF2F:1541574504:::u:::scESC:::#:::23::0:
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:
uid:u::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:
sub:u:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:
Why doesn't this work?
gnupg
New contributor
add a comment |
up vote
0
down vote
favorite
I am trying to write a plugin to my build tool which wraps GnuPG.
I have managed to do everything so far but the one thing I am stuck on is how to trust a newly added key without affecting the trust of existing keys.
If I first list the keys:
root@7353afd2c546:/# gpg --with-keygrip --with-secret --batch --with-colons --status-fd 1 --list-keys
tru::1:1542186184:0:3:1:5
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:::-:::scESC:::#:::23::0:
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:
uid:-::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:
sub:-:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:
We see that there is no value for the validity.
Now I have a command file:
root@7353afd2c546:/# cat /root/.gnupg/commands
trust
5
save
And when I run:
root@7353afd2c546:/# gpg --batch --yes --status-fd 1 --command-file /root/.gnupg/commands --edit-key DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F
[GNUPG:] KEY_CONSIDERED DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F 0
Secret subkeys are available.
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:0::-:::sc
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
ssb:-:4096:1:0E839DDD93691327:1541574504:0:::::e
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
uid:-::::::::Testy <test@example.com>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::
[GNUPG:] GET_LINE keyedit.prompt
[GNUPG:] GOT_IT
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:0::-:::sc
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
ssb:-:4096:1:0E839DDD93691327:1541574504:0:::::e
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
uid:-::::::::Testy <test@example.com>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::
[GNUPG:] GET_LINE edit_ownertrust.value
[GNUPG:] GOT_IT
[GNUPG:] GET_LINE edit_ownertrust.value
[GNUPG:] GOT_IT
[GNUPG:] GET_LINE keyedit.prompt
[GNUPG:] GOT_IT
We see here that looks as though it successfully read the input from the file. However when I list the keys again the validity has not changed.
Yet if I edit the key manually:
root@7353afd2c546:/# gpg --edit-key DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret subkeys are available.
pub rsa4096/B6A8B64B909CAF2F
created: 2018-11-07 expires: never usage: SC
trust: never validity: unknown
ssb rsa4096/0E839DDD93691327
created: 2018-11-07 expires: never usage: E
[ unknown] (1). Testy <test@example.com>
gpg> trust
pub rsa4096/B6A8B64B909CAF2F
created: 2018-11-07 expires: never usage: SC
trust: never validity: unknown
ssb rsa4096/0E839DDD93691327
created: 2018-11-07 expires: never usage: E
[ unknown] (1). Testy <test@example.com>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
pub rsa4096/B6A8B64B909CAF2F
created: 2018-11-07 expires: never usage: SC
trust: ultimate validity: unknown
ssb rsa4096/0E839DDD93691327
created: 2018-11-07 expires: never usage: E
[ unknown] (1). Testy <test@example.com>
Please note that the shown key validity is not necessarily correct
unless you restart the program.
gpg> save
Key not changed so no update needed.
Then it works:
root@7353afd2c546:/# gpg --with-keygrip --with-secret --batch --with-colons --status-fd 1 --list-keys
gpg: checking the trustdb
tru:o:1:1542190815:1:3:1:5
[GNUPG:] KEY_CONSIDERED DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F 0
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub:u:4096:1:B6A8B64B909CAF2F:1541574504:::u:::scESC:::#:::23::0:
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:
uid:u::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:
sub:u:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:
Why doesn't this work?
gnupg
New contributor
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I am trying to write a plugin to my build tool which wraps GnuPG.
I have managed to do everything so far but the one thing I am stuck on is how to trust a newly added key without affecting the trust of existing keys.
If I first list the keys:
root@7353afd2c546:/# gpg --with-keygrip --with-secret --batch --with-colons --status-fd 1 --list-keys
tru::1:1542186184:0:3:1:5
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:::-:::scESC:::#:::23::0:
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:
uid:-::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:
sub:-:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:
We see that there is no value for the validity.
Now I have a command file:
root@7353afd2c546:/# cat /root/.gnupg/commands
trust
5
save
And when I run:
root@7353afd2c546:/# gpg --batch --yes --status-fd 1 --command-file /root/.gnupg/commands --edit-key DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F
[GNUPG:] KEY_CONSIDERED DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F 0
Secret subkeys are available.
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:0::-:::sc
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
ssb:-:4096:1:0E839DDD93691327:1541574504:0:::::e
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
uid:-::::::::Testy <test@example.com>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::
[GNUPG:] GET_LINE keyedit.prompt
[GNUPG:] GOT_IT
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:0::-:::sc
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
ssb:-:4096:1:0E839DDD93691327:1541574504:0:::::e
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
uid:-::::::::Testy <test@example.com>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::
[GNUPG:] GET_LINE edit_ownertrust.value
[GNUPG:] GOT_IT
[GNUPG:] GET_LINE edit_ownertrust.value
[GNUPG:] GOT_IT
[GNUPG:] GET_LINE keyedit.prompt
[GNUPG:] GOT_IT
We see here that looks as though it successfully read the input from the file. However when I list the keys again the validity has not changed.
Yet if I edit the key manually:
root@7353afd2c546:/# gpg --edit-key DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret subkeys are available.
pub rsa4096/B6A8B64B909CAF2F
created: 2018-11-07 expires: never usage: SC
trust: never validity: unknown
ssb rsa4096/0E839DDD93691327
created: 2018-11-07 expires: never usage: E
[ unknown] (1). Testy <test@example.com>
gpg> trust
pub rsa4096/B6A8B64B909CAF2F
created: 2018-11-07 expires: never usage: SC
trust: never validity: unknown
ssb rsa4096/0E839DDD93691327
created: 2018-11-07 expires: never usage: E
[ unknown] (1). Testy <test@example.com>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
pub rsa4096/B6A8B64B909CAF2F
created: 2018-11-07 expires: never usage: SC
trust: ultimate validity: unknown
ssb rsa4096/0E839DDD93691327
created: 2018-11-07 expires: never usage: E
[ unknown] (1). Testy <test@example.com>
Please note that the shown key validity is not necessarily correct
unless you restart the program.
gpg> save
Key not changed so no update needed.
Then it works:
root@7353afd2c546:/# gpg --with-keygrip --with-secret --batch --with-colons --status-fd 1 --list-keys
gpg: checking the trustdb
tru:o:1:1542190815:1:3:1:5
[GNUPG:] KEY_CONSIDERED DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F 0
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub:u:4096:1:B6A8B64B909CAF2F:1541574504:::u:::scESC:::#:::23::0:
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:
uid:u::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:
sub:u:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:
Why doesn't this work?
gnupg
New contributor
I am trying to write a plugin to my build tool which wraps GnuPG.
I have managed to do everything so far but the one thing I am stuck on is how to trust a newly added key without affecting the trust of existing keys.
If I first list the keys:
root@7353afd2c546:/# gpg --with-keygrip --with-secret --batch --with-colons --status-fd 1 --list-keys
tru::1:1542186184:0:3:1:5
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:::-:::scESC:::#:::23::0:
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:
uid:-::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:
sub:-:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:
We see that there is no value for the validity.
Now I have a command file:
root@7353afd2c546:/# cat /root/.gnupg/commands
trust
5
save
And when I run:
root@7353afd2c546:/# gpg --batch --yes --status-fd 1 --command-file /root/.gnupg/commands --edit-key DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F
[GNUPG:] KEY_CONSIDERED DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F 0
Secret subkeys are available.
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:0::-:::sc
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
ssb:-:4096:1:0E839DDD93691327:1541574504:0:::::e
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
uid:-::::::::Testy <test@example.com>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::
[GNUPG:] GET_LINE keyedit.prompt
[GNUPG:] GOT_IT
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:0::-:::sc
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
ssb:-:4096:1:0E839DDD93691327:1541574504:0:::::e
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
uid:-::::::::Testy <test@example.com>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::
[GNUPG:] GET_LINE edit_ownertrust.value
[GNUPG:] GOT_IT
[GNUPG:] GET_LINE edit_ownertrust.value
[GNUPG:] GOT_IT
[GNUPG:] GET_LINE keyedit.prompt
[GNUPG:] GOT_IT
We see here that looks as though it successfully read the input from the file. However when I list the keys again the validity has not changed.
Yet if I edit the key manually:
root@7353afd2c546:/# gpg --edit-key DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret subkeys are available.
pub rsa4096/B6A8B64B909CAF2F
created: 2018-11-07 expires: never usage: SC
trust: never validity: unknown
ssb rsa4096/0E839DDD93691327
created: 2018-11-07 expires: never usage: E
[ unknown] (1). Testy <test@example.com>
gpg> trust
pub rsa4096/B6A8B64B909CAF2F
created: 2018-11-07 expires: never usage: SC
trust: never validity: unknown
ssb rsa4096/0E839DDD93691327
created: 2018-11-07 expires: never usage: E
[ unknown] (1). Testy <test@example.com>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
pub rsa4096/B6A8B64B909CAF2F
created: 2018-11-07 expires: never usage: SC
trust: ultimate validity: unknown
ssb rsa4096/0E839DDD93691327
created: 2018-11-07 expires: never usage: E
[ unknown] (1). Testy <test@example.com>
Please note that the shown key validity is not necessarily correct
unless you restart the program.
gpg> save
Key not changed so no update needed.
Then it works:
root@7353afd2c546:/# gpg --with-keygrip --with-secret --batch --with-colons --status-fd 1 --list-keys
gpg: checking the trustdb
tru:o:1:1542190815:1:3:1:5
[GNUPG:] KEY_CONSIDERED DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F 0
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub:u:4096:1:B6A8B64B909CAF2F:1541574504:::u:::scESC:::#:::23::0:
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:
uid:u::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:
sub:u:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:
Why doesn't this work?
gnupg
gnupg
New contributor
New contributor
edited Nov 15 at 20:09
New contributor
asked Nov 14 at 10:24
Steiny
1014
1014
New contributor
New contributor
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
Your command file has trust 5
in a single line, even though the trust
command does not accept parameters. Instead it shows a separate prompt for the menu selection, which means the response should be in a separate line as well. Each prompt needs its own line in the command-file.
So the trust is not updated because GnuPG receives the word save
when it needs a number.
A faster way to set ownertrust is:
echo "DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:6:" | gpg --import-ownertrust
(The 6
is not a typo – it is the internal trust value, not the menu item number.)
Having them on separate lines makes no difference. I tried them on separate lines first. Doesn't--import-ownertrust
overwrite the existing trust database? I only want to modify the trust for a single key and not touch the trust for the others.
– Steiny
Nov 15 at 19:59
I have updated the example with the parameters on separate lines.
– Steiny
Nov 15 at 20:12
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
Your command file has trust 5
in a single line, even though the trust
command does not accept parameters. Instead it shows a separate prompt for the menu selection, which means the response should be in a separate line as well. Each prompt needs its own line in the command-file.
So the trust is not updated because GnuPG receives the word save
when it needs a number.
A faster way to set ownertrust is:
echo "DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:6:" | gpg --import-ownertrust
(The 6
is not a typo – it is the internal trust value, not the menu item number.)
Having them on separate lines makes no difference. I tried them on separate lines first. Doesn't--import-ownertrust
overwrite the existing trust database? I only want to modify the trust for a single key and not touch the trust for the others.
– Steiny
Nov 15 at 19:59
I have updated the example with the parameters on separate lines.
– Steiny
Nov 15 at 20:12
add a comment |
up vote
0
down vote
Your command file has trust 5
in a single line, even though the trust
command does not accept parameters. Instead it shows a separate prompt for the menu selection, which means the response should be in a separate line as well. Each prompt needs its own line in the command-file.
So the trust is not updated because GnuPG receives the word save
when it needs a number.
A faster way to set ownertrust is:
echo "DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:6:" | gpg --import-ownertrust
(The 6
is not a typo – it is the internal trust value, not the menu item number.)
Having them on separate lines makes no difference. I tried them on separate lines first. Doesn't--import-ownertrust
overwrite the existing trust database? I only want to modify the trust for a single key and not touch the trust for the others.
– Steiny
Nov 15 at 19:59
I have updated the example with the parameters on separate lines.
– Steiny
Nov 15 at 20:12
add a comment |
up vote
0
down vote
up vote
0
down vote
Your command file has trust 5
in a single line, even though the trust
command does not accept parameters. Instead it shows a separate prompt for the menu selection, which means the response should be in a separate line as well. Each prompt needs its own line in the command-file.
So the trust is not updated because GnuPG receives the word save
when it needs a number.
A faster way to set ownertrust is:
echo "DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:6:" | gpg --import-ownertrust
(The 6
is not a typo – it is the internal trust value, not the menu item number.)
Your command file has trust 5
in a single line, even though the trust
command does not accept parameters. Instead it shows a separate prompt for the menu selection, which means the response should be in a separate line as well. Each prompt needs its own line in the command-file.
So the trust is not updated because GnuPG receives the word save
when it needs a number.
A faster way to set ownertrust is:
echo "DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:6:" | gpg --import-ownertrust
(The 6
is not a typo – it is the internal trust value, not the menu item number.)
answered Nov 14 at 12:50
grawity
227k35475537
227k35475537
Having them on separate lines makes no difference. I tried them on separate lines first. Doesn't--import-ownertrust
overwrite the existing trust database? I only want to modify the trust for a single key and not touch the trust for the others.
– Steiny
Nov 15 at 19:59
I have updated the example with the parameters on separate lines.
– Steiny
Nov 15 at 20:12
add a comment |
Having them on separate lines makes no difference. I tried them on separate lines first. Doesn't--import-ownertrust
overwrite the existing trust database? I only want to modify the trust for a single key and not touch the trust for the others.
– Steiny
Nov 15 at 19:59
I have updated the example with the parameters on separate lines.
– Steiny
Nov 15 at 20:12
Having them on separate lines makes no difference. I tried them on separate lines first. Doesn't
--import-ownertrust
overwrite the existing trust database? I only want to modify the trust for a single key and not touch the trust for the others.– Steiny
Nov 15 at 19:59
Having them on separate lines makes no difference. I tried them on separate lines first. Doesn't
--import-ownertrust
overwrite the existing trust database? I only want to modify the trust for a single key and not touch the trust for the others.– Steiny
Nov 15 at 19:59
I have updated the example with the parameters on separate lines.
– Steiny
Nov 15 at 20:12
I have updated the example with the parameters on separate lines.
– Steiny
Nov 15 at 20:12
add a comment |
Steiny is a new contributor. Be nice, and check out our Code of Conduct.
Steiny is a new contributor. Be nice, and check out our Code of Conduct.
Steiny is a new contributor. Be nice, and check out our Code of Conduct.
Steiny is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1375264%2funable-to-edit-the-trust-using-gpg-and-a-command-file%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown