gnupg: There is no assurance this key belongs to the named user

I'm trying to use an interesting password management tool named Pass.

I did the following:

  1. Installed gpg tool $ sudo dnf install gpg
  2. Generated a key using $ gpg --gen-key
  3. Typed $ pass init "foobar id of my gpg key" as stated here
  4. Got

     mkdir: created directory ‘/home/chichivica/.password-store/’
     Password store initialized for [email protected]

  5. Tried to add a simple password

     $ pass insert foo
     Enter password for foo:
     Retype password for foo:

  6. And there is the problem

     gpg: A45A123C: There is no assurance this key belongs to the named user
     gpg: [stdin]: encryption failed: Unusable public key

Could anyone give me some advice?

Apotheosize answered 27/10, 2015 at 6:16 Comment(10)
What is gpg -K printing? - Perdita

@JensErat just this
/home/chichivica/.gnupg/secring.gpg
-----------------------------------
sec 2048R/96F0E0C0 2015-10-26
uid Ivan Talalaev (chichivica) <[email protected]>
ssb 2048R/76A1D91D 2015-10-26
- Apotheosize

Where in (6) is the ID A45A123C coming from? Your master key ID is another one. - Perdita

@JensErat So, it's a question. Actually I do not know. I couldn't find any occurrences of this string! - Apotheosize

Is it listed using gpg --list-keys A45A123C? What exactly did you specify in pass init? "foobar id" does not really explain what you have done. - Perdita

@JensErat 1. gpg --list-keys A45A123C result: gpg: error reading key: public key not found 2. As stated here I passed in pass init "Ivan Talalaev (chichivica) <[email protected]>". Also I tried pass init "[email protected]" with the same result. - Apotheosize

Try pass init 96F0E0C0. - Perdita

@JensErat I have already tried that. Exactly the same result :( - Apotheosize

Hi @Ivan, I also encountered this problem today. Were you able to solve it, how did you do it? Thanks - Subsequence

It appears that --list-keys may not list encryption subkey IDs, but gpg --list-keys --keyid-format long does - Degeneracy

I had the same issue after copying my key pair from one machine to another. The solution for me was to set the trust level of the keys:

gpg --edit-key <KEY_ID>
gpg> trust

You will be asked to select the trust level from the following:

1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu

I selected 5 since I created the key so of course I trust it ultimately :). It will ask you to confirm your decision:

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

After confirming, quit with:

gpg> quit

You should then be able to encrypt using that key.

Roley answered 7/12, 2015 at 11:52 Comment(6)
key_id is the mailid you have used - Lingerfelt

gpg> quit to exit. - Superficies

or simply gpg> q also exits. - Valorie

Unfortunately it did not work for me. Still get the same message. I had a script that used a passwordless key to encrypt my duplicity backups. Looks like I have to accept unencrypted from now on. :( - Caliche

I had to set the trust explicitly for the encryption ssb, i.e. select it first in the gpg prompt with key <SSB_ID> so that an asterisk appears next to it - Tweeze

Would it still be working if I select 1 for trust level? - Trounce

I had the same issue in batch mode, and adding the flag --trust-model always worked for me.

The full command for batch mode with Ultimate trust, non-interactive passphrase is as below:

gpg --batch --trust-model always --recipient <recipient uid> --pinentry-mode=loopback --passphrase <your passphrase> --encrypt-files *.*

Zwolle answered 15/12, 2022 at 10:41 Comment(0)
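
Before changing trust settings, it helps to see what gpg has actually calculated for each key. The following is an added example, not code from the question or the answers: it reads the machine-readable output of gpg --list-keys --with-colons and reports each primary key's validity and ownertrust, plus the long ID of every encryption-capable subkey. The names audit_keys and sample_listing are hypothetical, and the listing is constructed sample data.

```shell
#!/bin/sh
# Added example: audit_keys and sample_listing are hypothetical helper names.
# Real use: gpg --list-keys --with-colons | audit_keys

audit_keys() {
    awk -F: '
    # Colon-listing fields: 2 = calculated validity, 5 = long key ID,
    # 9 = ownertrust (pub records only), 12 = key capabilities.
    function verdict(v) {
        if (v ~ /^[mfu]$/) return "ok"            # marginal, full, ultimate
        if (v ~ /^[eridn]$/) return "unusable"    # expired, revoked, invalid, disabled, never
        return "no-assurance"                     # "-", "q", "o" or empty: validity not established
    }
    $1 == "pub" {
        printf "pub %s validity=%s ownertrust=%s %s\n", $5, ($2 == "" ? "-" : $2), ($9 == "" ? "-" : $9), verdict($2)
    }
    # Encryption-capable subkeys: their IDs differ from the primary key ID.
    $1 == "sub" && $12 ~ /e/ {
        printf "sub %s encryption-subkey %s\n", $5, verdict($2)
    }'
}

# Constructed sample: the first key has no ownertrust set (as after copying a
# key pair to a new keyring), the second has ultimate ownertrust.
sample_listing() {
    cat <<'EOF'
pub:-:2048:1:AAAAAAAAAAAAAAAA:1445817600:::-:::scESC:
uid:-::::1445817600::::Constructed User One <one@example.org>:
sub:-:2048:1:BBBBBBBBBBBBBBBB:1445817600::::::e:
pub:u:2048:1:CCCCCCCCCCCCCCCC:1445817600:::u:::scESC:
uid:u::::1445817600::::Constructed User Two <two@example.org>:
sub:u:2048:1:DDDDDDDDDDDDDDDD:1445817600::::::e:
EOF
}

sample_listing | audit_keys
```

A key reported as no-assurance is one whose validity gpg could not establish; --trust-model always skips that validation for every recipient, while setting ownertrust on your own key resolves it for that key only.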
