gpg 加密文件而无需键盘交互 [英] gpg encrypt file without keyboard interaction

问题描述

我正在 crontab 中运行下一个命令来加密文件，但我不想要键盘交互

echo "密码" |gpg --passphrase-fd 0 -r 用户 --encrypt FILENAME.TXT

但我有这个答案:

gpg: C042XXXX: 不能保证这个密钥属于指定用户pub 40XXX/C042XXXX 2012-01-11 姓名姓氏.(评论)<user@email.com>主键指纹:XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX子密钥指纹:XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX不确定密钥是否属于名为的人在用户 ID 中.如果你*真的*知道你在做什么，你可以回答下一个问题是肯定的.还是要用这个键?(是/否)

解决方案

正如 David 所暗示的，这里的问题是 gpg 不信任您用来加密的公钥.你可以按照他的解释在钥匙上签名.

另一种选择——特别是如果密钥可能偶尔会发生变化——是将 --trust-model always 添加到您的 gpg 命令中.

这是手册页中的相关部分:

<块引用>

--trust-model pgp|classic|direct|always|auto设置 GnuPG 应该遵循的信任模型.这些模型是:pgp 这是与信任签名相结合的信任网络，如PGP 5.x 及更高版本.这是创建信任模型时的默认信任模型新的信任数据库.经典的这是 PGP 2.x 及更早版本中使用的标准信任网络.直接密钥有效性由用户直接设置，而不是通过计算信任网络.总是跳过密钥验证并假设使用的密钥总是完全信任.你通常不会使用它，除非你使用一些外部验证方案.此选项还抑制[不确定]"标签打印有签名检查时没有用户 ID 绑定到密钥的证据.auto 根据内部信任选择信任模型数据库说.如果这样的数据库，这是默认模型已经存在.

I am running next command within a crontab to encrypt a file and I don't want a keyboard interaction

echo "PASSPHRASE" | gpg --passphrase-fd 0 -r USER --encrypt FILENAME.TXT

but I have this answer:

gpg: C042XXXX: There is no assurance this key belongs to the named user

pub  40XXX/C042XXXX 2012-01-11 Name LastName. (comment) <user@email.com>
 Primary key fingerprint: XXXX XXXX XXXX XXXX XXXX  XXXX XXXX XXXX XXXX XXXX
      Subkey fingerprint: XXXX XXXX XXXX XXXX XXXX  XXXX XXXX XXXX XXXX XXXX

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) 

解决方案

As David intimated, the problem here is that gpg doesn't trust the public key you're using to encrypt. You could sign the key as he explained.

An alternative--especially if the key might be changing occasionally--would be to tack on --trust-model always to your gpg command.

Here's the relevant bit from the man page:

--trust-model pgp|classic|direct|always|auto

     Set what trust model GnuPG should follow. The models are:

     pgp    This is the Web of Trust combined with trust signatures as used in
            PGP 5.x and later. This is the default trust model when creating a
            new trust database.

     classic
            This is the standard Web of Trust as used in PGP 2.x and earlier.

     direct Key validity is set directly by the user and  not  calculated  via
            the Web of Trust.

     always Skip  key  validation  and  assume that used keys are always fully
            trusted. You generally won't use this unless you  are  using  some
            external  validation  scheme.  This  option  also  suppresses  the
            "[uncertain]" tag printed with signature checks when there  is  no
            evidence that the user ID is bound to the key.

     auto   Select  the  trust  model depending on whatever the internal trust
            database says. This is  the  default  model  if  such  a  database
            already exists.

这篇关于gpg 加密文件而无需键盘交互的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！