GPG Key Trust

by on Sep.17, 2012, under Linux

When importing a public key onto another machine, you may have configure gpg to
trust the key. Otherwise, when you use the key to do encryption, you may
see a prompt like this:

It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N)

To trust the key, run:
gpg --edit-key NAME

GPG will output some information, and show a line like:
trust: undefined validity: unknown

You will be at a console, and you have to type "trust":
Command> trust
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

Type "quit" to quit. If you run gpg --edit-key NAME again, you will
see a line as below, which means the key is now trusted.
trust: ultimate validity: ultimate

No comments for this entry yet...

Leave a Reply

You must be logged in to post a comment.

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

But Wait, There's More!

A few highly recommended friends...