我最近从一个 Ubuntu 安装迁移到另一个安装,并在此过程中更改了我的用户名。我将我的公钥/私钥对导入到 gpg 中,虽然解密(使用我的私钥)工作正常,但每当我尝试用我的公钥对自己加密某些东西时,我都会收到以下警告消息:
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
之后它会问我是否真的想使用钥匙(我总是回答“是”,因为它实际上是我钥匙圈中唯一的钥匙,我知道它来自哪里)。我可以很好地解密东西,那么为什么每当我尝试加密某些东西时 gpg 都会发出嘶嘶声呢?以及如何防止此消息再次出现?
小智 33
我遇到了同样的问题,但是我无法再访问旧密钥。因此,您可以使用以下方法重新建立对旧密钥的信任:
gpg --edit-key YOUR@KEY.ID
gpg> trust
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
小智 18
我设法重现了您遇到的问题。我这样做了:
$ gpg --no-default-keyring --keyring ./test-keyring --secret-keyring ./test-secring --trustdb-name ./test-trustdb --no-random-seed-file --gen-key
<specified parameters and let it do its thing>
gpg: key 58018BFE marked as ultimately trusted
public and secret key created and signed.
<snip>
$
请注意,该过程将密钥标记为“最终受信任”。
现在我导出密钥:
$gpg --no-default-keyring --keyring ./test-keyring --secret-keyring ./test-secring --trustdb-name ./test-trustdb --no-random-seed-file --export-secret-keys -a >private.key
$gpg --no-default-keyring --keyring ./test-keyring --secret-keyring ./test-secring --trustdb-name ./test-trustdb --no-random-seed-file --export -a > public.key
现在我导入到一个新的 gpg 数据库:
$gpg --no-default-keyring --keyring ./test2-keyring --secret-keyring ./test2-secring --trustdb-name ./test2-trustdb --no-random-seed-file --import public.key
$gpg --no-default-keyring --keyring ./test2-keyring --secret-keyring ./test2-secring --trustdb-name ./test2-trustdb --no-random-seed-file --import private.key
现在,如果我尝试使用新的密钥环进行加密,我会得到:
$ gpg --no-default-keyring --keyring ./test2-keyring --secret-keyring ./test2-secring --trustdb-name ./test2-trustdb --no-random-seed-file -r Fake -e
gpg: AE3034E1: There is no assurance this key belongs to the named user
pub 1024R/AE3034E1 2013-06-13 Fake User <fake@example.com>
Primary key fingerprint: AD4D BAFB 3960 6F9D 47C1 23BE B2E1 67A6 5801 8BFE
Subkey fingerprint: 58F2 3669 B8BD 1DFC 8B12 096F 5D19 AB91 AE30 34E1
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
这样做的原因是“信任网络”模型。默认情况下,为了让公钥受信任,它需要 1 个“最终”信任证书(通常是您亲自验证了相关人员的身份)或 3 个“边缘”信任证书(您认识的人,谁知道你认识的人......已经签署了证书)。
因为 gpg 是一个安全应用程序,它会在您尝试加密未列为受信任的密钥时向您发出警告。在这种情况下,您自己的密钥不受信任的原因很简单。这是因为您没有从之前的 gpg 实例中导出信任关系。为此,请使用 --export-ownertrust 和 --import-ownertrust 命令。
与往常一样,请参阅手册页。
您可以使用该--always-trust标志跳过此消息。
| 归档时间: |
|
| 查看次数: |
22244 次 |
| 最近记录: |