Unable to edit the trust using gpg and a command file

I am trying to write a plugin to my build tool which wraps GnuPG.



I have managed to do everything so far but the one thing I am stuck on is how to trust a newly added key without affecting the trust of existing keys.



If I first list the keys:



root@7353afd2c546:/# gpg --with-keygrip --with-secret --batch --with-colons --status-fd 1 --list-keys
tru::1:1542186184:0:3:1:5
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:::-:::scESC:::#:::23::0:
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:
uid:-::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:
sub:-:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:


We see that there is no value for the validity.



Now I have a command file:



root@7353afd2c546:/# cat /root/.gnupg/commands
trust
5
save


And when I run:



root@7353afd2c546:/# gpg --batch --yes --status-fd 1 --command-file /root/.gnupg/commands --edit-key DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F
[GNUPG:] KEY_CONSIDERED DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F 0
Secret subkeys are available.


pub:-:4096:1:B6A8B64B909CAF2F:1541574504:0::-:::sc
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
ssb:-:4096:1:0E839DDD93691327:1541574504:0:::::e
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
uid:-::::::::Testy <test@example.com>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::
[GNUPG:] GET_LINE keyedit.prompt
[GNUPG:] GOT_IT

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu

pub:-:4096:1:B6A8B64B909CAF2F:1541574504:0::-:::sc
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
ssb:-:4096:1:0E839DDD93691327:1541574504:0:::::e
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
uid:-::::::::Testy <test@example.com>:::S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1,mdc,no-ks-modify:1,p::
[GNUPG:] GET_LINE edit_ownertrust.value
[GNUPG:] GOT_IT
[GNUPG:] GET_LINE edit_ownertrust.value
[GNUPG:] GOT_IT

[GNUPG:] GET_LINE keyedit.prompt
[GNUPG:] GOT_IT


We see here that it looks as though it successfully read the input from the file. However, when I list the keys again the validity has not changed.



Yet if I edit the key manually:



root@7353afd2c546:/# gpg --edit-key DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret subkeys are available.

pub rsa4096/B6A8B64B909CAF2F
created: 2018-11-07 expires: never usage: SC
trust: never validity: unknown
ssb rsa4096/0E839DDD93691327
created: 2018-11-07 expires: never usage: E
[ unknown] (1). Testy <test@example.com>

gpg> trust
pub rsa4096/B6A8B64B909CAF2F
created: 2018-11-07 expires: never usage: SC
trust: never validity: unknown
ssb rsa4096/0E839DDD93691327
created: 2018-11-07 expires: never usage: E
[ unknown] (1). Testy <test@example.com>

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

pub rsa4096/B6A8B64B909CAF2F
created: 2018-11-07 expires: never usage: SC
trust: ultimate validity: unknown
ssb rsa4096/0E839DDD93691327
created: 2018-11-07 expires: never usage: E
[ unknown] (1). Testy <test@example.com>
Please note that the shown key validity is not necessarily correct
unless you restart the program.

gpg> save
Key not changed so no update needed.


Then it works:



root@7353afd2c546:/# gpg --with-keygrip --with-secret --batch --with-colons --status-fd 1 --list-keys
gpg: checking the trustdb
tru:o:1:1542190815:1:3:1:5
[GNUPG:] KEY_CONSIDERED DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F 0
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub:u:4096:1:B6A8B64B909CAF2F:1541574504:::u:::scESC:::#:::23::0:
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:
uid:u::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:
sub:u:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:


Why doesn't this work?

      edited Nov 15 at 20:09
      asked Nov 14 at 10:24
      Steiny

          1 Answer
          Your command file has trust 5 in a single line, even though the trust command does not accept parameters. Instead it shows a separate prompt for the menu selection, which means the response should be in a separate line as well. Each prompt needs its own line in the command-file.



          So the trust is not updated because GnuPG receives the word save when it needs a number.



          A faster way to set ownertrust is:



          echo "DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:6:" | gpg --import-ownertrust


          (The 6 is not a typo – it is the internal trust value, not the menu item number.)

          answered Nov 14 at 12:50
          grawity

          • Having them on separate lines makes no difference. I tried them on separate lines first. Doesn't --import-ownertrust overwrite the existing trust database? I only want to modify the trust for a single key and not touch the trust for the others.
            – Steiny
            Nov 15 at 19:59

          • I have updated the example with the parameters on separate lines.
            – Steiny
            Nov 15 at 20:12
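
Added example, not part of the original question or answer: shell helpers for the build-plugin case above that build the `FPR:N:` record for `--import-ownertrust` from the menu number, read validity and ownertrust from a `--with-colons` listing, and check through `--export-ownertrust` that only the target key's record changed. The function names are hypothetical; the two sample listings are the ones shown in the question.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Interactive "trust" menu choice (1-5) -> value stored in ownertrust records.
# Menu 5 ("I trust ultimately") is stored as 6, as the answer points out.
menu_to_ownertrust() {
    case "$1" in
        1|2|3|4|5) echo $(( $1 + 1 )) ;;
        *) echo "invalid menu choice: $1" >&2; return 1 ;;
    esac
}

# Build one record "FINGERPRINT:N:" for gpg --import-ownertrust.
# Requires the full 40-hex-digit fingerprint, not a short or long key ID.
ownertrust_record() {
    fpr=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    case "$fpr" in
        ''|*[!0-9A-F]*) echo "not a hex fingerprint: $1" >&2; return 1 ;;
    esac
    [ "${#fpr}" -eq 40 ] || { echo "expected 40 hex digits: $1" >&2; return 1; }
    level=$(menu_to_ownertrust "$2") || return 1
    printf '%s:%s:\n' "$fpr" "$level"
}

# Read `gpg --with-colons --list-keys` output on stdin and print
# "<fingerprint> <validity> <ownertrust>" for each primary key.
# pub field 2 is the validity and field 9 the ownertrust; the fpr record
# that follows carries the fingerprint in field 10. Status and log lines
# mixed into the output ([GNUPG:], gpg:, tru:) are ignored.
key_trust_summary() {
    awk -F: '
        $1 == "pub" { v = ($2 == "" ? "-" : $2); o = ($9 == "" ? "-" : $9); want = 1; next }
        $1 == "fpr" && want { print $10, v, o; want = 0; next }
        $1 == "sub" || $1 == "ssb" { want = 0 }
    '
}

# Set ownertrust for exactly one key, then verify (rather than assume) that
# every other ownertrust record is unchanged. Needs gpg on PATH; it is only
# defined here, not called. Value 6 (ultimate) is meant for your own keys.
set_single_ownertrust() {
    record=$(ownertrust_record "$1" "$2") || return 1
    target=${record%%:*}
    before=$(gpg --export-ownertrust | grep -v '^#' | grep -v "^$target:" | sort)
    printf '%s\n' "$record" | gpg --import-ownertrust || return 1
    after=$(gpg --export-ownertrust | grep -v '^#' | grep -v "^$target:" | sort)
    [ "$before" = "$after" ] || { echo "other ownertrust records changed" >&2; return 1; }
    gpg --export-ownertrust | grep -qx "$record"
}

# Listing from the question before the trust change.
sample_before() {
    cat <<'EOF'
tru::1:1542186184:0:3:1:5
pub:-:4096:1:B6A8B64B909CAF2F:1541574504:::-:::scESC:::#:::23::0:
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:
uid:-::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:
sub:-:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:
EOF
}

# Listing from the question after the manual edit, status lines included.
sample_after() {
    cat <<'EOF'
gpg: checking the trustdb
tru:o:1:1542190815:1:3:1:5
[GNUPG:] KEY_CONSIDERED DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F 0
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
pub:u:4096:1:B6A8B64B909CAF2F:1541574504:::u:::scESC:::#:::23::0:
fpr:::::::::DE29CBE0AC9B2EB810E694D7B6A8B64B909CAF2F:
grp:::::::::9BEB53AD0C68FC629997DB0597DDD758C632B9CD:
uid:u::::1541574504::5D90CFACEB3B07D9914327FD2981787B56ACD4A2::Testy <test@example.com>::::::::::0:
sub:u:4096:1:0E839DDD93691327:1541574504::::::e:::+:::23:
fpr:::::::::B9A633DBD1A309DB71ED55940E839DDD93691327:
grp:::::::::6D475E5BA6A1502B1C083F780A537DBC15643EEA:
EOF
}

# Demo on the embedded listings (no gpg call).
sample_before | key_trust_summary
sample_after | key_trust_summary
```

In a plugin, `set_single_ownertrust <fingerprint> <menu-choice>` would be the call to make, followed by `gpg --with-colons --list-keys | key_trust_summary` to confirm the new state.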