无键盘交互GPG加密文件 [英] gpg encrypt file without keyboard interaction

问题描述

我是一个crontab内运行一个命令加密文件，我不希望有一个键盘交互

 回声密码短语| GPG --passphrase-FD 0 -r用户--encrypt FILENAME.TXT
 

但我有这样的回答：

  GPG：C042XXXX：我们不保证该密钥所属的命名用户酒馆40XXX / C042XXXX 2012-01-11名称姓氏。 （评论）LT; user@email.com>
 主键指纹：XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
      子项指纹：XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX现在还不能确定该密钥属于被点名的人
在用户ID。如果你真的* *知道你在做什么，
你可能会回答与是下一个问题。反正使用此键？ （Y / N）
 

解决方案

当大卫暗示，这里的问题是，GPG不信任你使用加密的公钥。他解释说，你可以签署的关键。

这是另一种 - 尤其是如果密钥可能会偶尔改变 - 将钉在 - 信任模型总是来你的GPG命令

下面是从该名男子页的相关位：

  

- 信任模型PGP |经典|直接|永远|汽车     GnuPG的设置应该遵循什么信任模型。该型号有：     PGP这是信托与信托联合签名的网站在使用
            PGP 5.x和更高版本。这是默认的信任模型创建时
            新的信任数据库。     经典
            这是信任的标准Web为PGP 2.x的使用和更早版本。     直接键有效性由用户直接设置，并通过未计算
            信任的网站。     总是跳过密钥验证，并假设使用的键总是充分
            值得信赖的。你，除非你使用的是一些通常不会用这个
            外部验证方案。此选项还燮presses的
            [不定]标签印有签名检查时，有没有
            证据表明用户ID绑定到密钥。     自动根据不管内部信任选择信任模型
            数据库说。这是默认模型，如果这样的数据库
            已存在。


I am running next command within a crontab to encrypt a file and I don't want a keyboard interaction

echo "PASSPHRASE" | gpg --passphrase-fd 0 -r USER --encrypt FILENAME.TXT

but I have this answer:

gpg: C042XXXX: There is no assurance this key belongs to the named user

pub  40XXX/C042XXXX 2012-01-11 Name LastName. (comment) <user@email.com>
 Primary key fingerprint: XXXX XXXX XXXX XXXX XXXX  XXXX XXXX XXXX XXXX XXXX
      Subkey fingerprint: XXXX XXXX XXXX XXXX XXXX  XXXX XXXX XXXX XXXX XXXX

It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) 

解决方案

As David intimated, the problem here is that gpg doesn't trust the public key you're using to encrypt. You could sign the key as he explained.

An alternative--especially if the key might be changing occasionally--would be to tack on --trust-model always to your gpg command.

Here's the relevant bit from the man page:

--trust-model pgp|classic|direct|always|auto

     Set what trust model GnuPG should follow. The models are:

     pgp    This is the Web of Trust combined with trust signatures as used in
            PGP 5.x and later. This is the default trust model when creating a
            new trust database.

     classic
            This is the standard Web of Trust as used in PGP 2.x and earlier.

     direct Key validity is set directly by the user and  not  calculated  via
            the Web of Trust.

     always Skip  key  validation  and  assume that used keys are always fully
            trusted. You generally won't use this unless you  are  using  some
            external  validation  scheme.  This  option  also  suppresses  the
            "[uncertain]" tag printed with signature checks when there  is  no
            evidence that the user ID is bound to the key.

     auto   Select  the  trust  model depending on whatever the internal trust
            database says. This is  the  default  model  if  such  a  database
            already exists.

这篇关于无键盘交互GPG加密文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！