 

gpg encrypt file without keyboard interaction [closed]

I am running the following command within a crontab to encrypt a file, and I don't want any keyboard interaction:

    echo "PASSPHRASE" | gpg --passphrase-fd 0 -r USER --encrypt FILENAME.TXT

but I have this answer:

    gpg: C042XXXX: There is no assurance this key belongs to the named user

    pub  40XXX/C042XXXX 2012-01-11 Name LastName. (comment) <[email protected]>
     Primary key fingerprint: XXXX XXXX XXXX XXXX XXXX  XXXX XXXX XXXX XXXX XXXX
          Subkey fingerprint: XXXX XXXX XXXX XXXX XXXX  XXXX XXXX XXXX XXXX XXXX

    It is NOT certain that the key belongs to the person named in the user ID.
    If you *really* know what you are doing, you may answer the next question with yes.

    Use this key anyway? (y/N)
coto asked Feb 27 '12 04:02



1 Answer

As David intimated, the problem here is that gpg doesn't trust the public key you're using to encrypt. You could sign the key as he explained.

An alternative--especially if the key might be changing occasionally--would be to tack on --trust-model always to your gpg command.

Here's the relevant bit from the man page:

    --trust-model pgp|classic|direct|always|auto
           Set what trust model GnuPG should follow. The models are:

           pgp    This is the Web of Trust combined with trust signatures as used in
                  PGP 5.x and later. This is the default trust model when creating a
                  new trust database.

           classic
                  This is the standard Web of Trust as used in PGP 2.x and earlier.

           direct Key validity is set directly by the user and  not  calculated  via
                  the Web of Trust.

           always Skip  key  validation  and  assume that used keys are always fully
                  trusted. You generally won't use this unless you  are  using  some
                  external  validation  scheme.  This  option  also  suppresses  the
                  "[uncertain]" tag printed with signature checks when there  is  no
                  evidence that the user ID is bound to the key.

           auto   Select  the  trust  model depending on whatever the internal trust
                  database says. This is  the  default  model  if  such  a  database
                  already exists.
rsaw answered Sep 21 '22 12:09
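
The man page excerpt above says `always` is meant for setups with an external validation scheme. One way to supply that in a cron job, as an added example that is not part of the original answer: pin the recipient's fingerprint (verified out of band) and refuse to encrypt unless the keyring entry for the recipient resolves to exactly that key. `RECIPIENT`, `PINNED_FPR` and the function names are assumptions with placeholder values.

```shell
#!/bin/sh
# Added example (not from the original answer): cron-safe encryption that
# supplies the "external validation scheme" the man page expects before
# --trust-model always is used.

# Assumption: placeholder values; set these to the recipient and to the
# fingerprint you verified out of band.
RECIPIENT="USER"
PINNED_FPR="0000000000000000000000000000000000000000"

# Read `gpg --with-colons` output on stdin and print primary-key fingerprints.
# The "fpr" record right after a "pub" record carries the fingerprint in
# field 10; "fpr" records that follow "sub" belong to subkeys and are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if the listing on stdin holds exactly one primary key and its
# fingerprint equals the pin in $1 (spaces and letter case are ignored).
key_matches_pin() (
    pin=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(primary_fprs)
    [ -n "$pin" ] && [ "$found" = "$pin" ]
)

# Encrypt FILE to the pinned key without prompting; refuse if the keyring
# entry for RECIPIENT is missing, ambiguous, or not the pinned key.
encrypt_for_pinned_key() (
    file=$1
    if ! gpg --batch --with-colons --fingerprint "$RECIPIENT" 2>/dev/null |
            key_matches_pin "$PINNED_FPR"; then
        echo "refusing to encrypt: '$RECIPIENT' does not resolve to the pinned key" >&2
        exit 1
    fi
    gpg --batch --yes --trust-model always \
        --recipient "$PINNED_FPR" --output "$file.gpg" --encrypt "$file"
)

# Run only when a file name is given, e.g. from a crontab entry.
if [ "$#" -gt 0 ]; then
    encrypt_for_pinned_key "$1"
fi
```

Because the recipient is passed to gpg as the full pinned fingerprint, a different key imported later under the same user ID makes the job fail instead of silently encrypting to it.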