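I've run into the following puzzling GPG behaviour: after I set the trust for the recipient's key, gpg still complains that it doesn't know whether it should use the encryption subkey and prompts for input.
Here are the individual steps:
Create my own key pair
I'm only including this step because otherwise gpg complains that it can't find a key with ultimate trust, which I assume is then used to sign the trustdb.
$ gpg --gen-key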
gpg (GnuPG) 2.3.7; Copyright (C) 2021 Free Software Foundation, Inc.
[...]
pub ed25519 2023-12-02 [SC] [expires: 2025-12-01]
BDCCA3DA3E0961575FC797B66E51892F600D443B
uid Testy Testerson <[email protected]>
sub cv25519 2023-12-02 [E] [expires: 2025-12-01]
Import the recipient's key
$ gpg --import ~/tmp/fiend.pubkey
gpg: key 7507E17705538C1C: public key "Friend of Testy Testerson <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
Assign "full" trust to the imported key:
$ gpg --edit-key $(gpg --list-keys | grep DF57E)
[...]
pub ed25519/7507E17705538C1C
created: 2023-12-02 expires: 2025-12-01 usage: SC
trust: unknown validity: unknown
sub cv25519/F2FA4C3E9932F093
created: 2023-12-02 expires: 2025-12-01 usage: E
[ unknown] (1). Friend of Testy Testerson <[email protected]>
gpg> trust
pub ed25519/7507E17705538C1C
created: 2023-12-02 expires: 2025-12-01 usage: SC
trust: unknown validity: unknown
sub cv25519/F2FA4C3E9932F093
created: 2023-12-02 expires: 2025-12-01 usage: E
[ unknown] (1). Friend of Testy Testerson <[email protected]>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 4
pub ed25519/7507E17705538C1C
created: 2023-12-02 expires: 2025-12-01 usage: SC
trust: full validity: ultimate
sub cv25519/F2FA4C3E9932F093
created: 2023-12-02 expires: 2025-12-01 usage: E
[ultimate] (1). Friend of Testy Testerson <[email protected]>
gpg> save
Key not changed so no update needed.
Verify that the trustdb was updated correctly:
$ gpg --export-ownertrust
# List of assigned trustvalues, created Sat Dec 2 14:27:26 2023 MST
# (Use "gpg --import-ownertrust" to restore them)
BDCCA3DA3E0961575FC797B66E51892F600D443B:6:
DF57E983DFD9EFA53DF3C0CD7507E17705538C1C:5:
Attempt to encrypt with the recipient's key
This is the crux: I would expect gpg to know the trust level at this point and not make a fuss:
$ gpg -e --recipient $(gpg --list-keys | grep DF57E) --output ./test.gpg ./test
gpg: F2FA4C3E9932F093: There is no assurance this key belongs to the named user
sub cv25519/F2FA4C3E9932F093 2023-12-02 Friend of Testy Testerson <[email protected]>
Primary key fingerprint: DF57 E983 DFD9 EFA5 3DF3 C0CD 7507 E177 0553 8C1C
Subkey fingerprint: CD16 DC41 E806 92A1 1590 A0EB F2FA 4C3E 9932 F093
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) n
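
As an added example (not part of the original post): a Python parser for `gpg --with-colons --list-keys` output that separates each primary key's owner trust (field 9) from its computed validity (field 2), the value behind the "no assurance" message above. The sample listing is constructed around the key IDs and fingerprints shown in the post, and the set of validity letters accepted without the prompt is an assumption based on GnuPG's default trust model.

```python
# Constructed sample of `gpg --with-colons --list-keys` output (not captured
# from the post); key IDs and fingerprints are the ones shown above.
SAMPLE = """\
pub:u:255:22:6E51892F600D443B:1701500000:1764500000::u:::scESC:
fpr:::::::::BDCCA3DA3E0961575FC797B66E51892F600D443B:
pub:-:255:22:7507E17705538C1C:1701500000:1764500000::f:::scESC:
fpr:::::::::DF57E983DFD9EFA53DF3C0CD7507E17705538C1C:
sub:-:255:18:F2FA4C3E9932F093:1701500000:1764500000:::::e:
fpr:::::::::CD16DC41E80692A11590A0EBF2FA4C3E9932F093:
"""

# Assumption (default trust model): gpg encrypts without the
# "Use this key anyway?" prompt when validity is marginal, full or ultimate.
ACCEPTED_VALIDITY = {"m", "f", "u"}

def parse_primary_keys(colon_output):
    """Return one dict per primary key: keyid, fingerprint, validity, ownertrust."""
    keys, current = [], None
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 8:
            current = {"keyid": f[4], "fingerprint": None,
                       "validity": f[1] or "-", "ownertrust": f[8] or "-"}
            keys.append(current)
        elif f[0] == "fpr" and current is not None and len(f) > 9:
            # The first fpr record after pub is the primary key's; later
            # ones belong to subkeys and must not overwrite it.
            if current["fingerprint"] is None:
                current["fingerprint"] = f[9]
    return keys

def needs_confirmation(key):
    """True when encrypting to this key would trigger the validity prompt."""
    return key["validity"] not in ACCEPTED_VALIDITY

if __name__ == "__main__":
    for key in parse_primary_keys(SAMPLE):
        print(key["fingerprint"], "ownertrust=" + key["ownertrust"],
              "validity=" + key["validity"],
              "prompt" if needs_confirmation(key) else "ok")
```

Running it against the real keyring (`gpg --with-colons --list-keys` piped into `parse_primary_keys`) shows whether the value set with `trust` landed in the owner-trust field while the validity field stayed unknown.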