Embedded Files
After importing a key, trust element is automatically handled if you certified it in the past. Otherwise, you have to validate the source of the key, the integrity of key, etc. before trusting the key manually. How to do those is outside of this guide. This section guides you on how to trusting a key manually.
Import The Key
Import The Key
Firstly, you would need to import the key into your keyring. Go ahead and import the keyfile:
Trusting The Key Manually
Trusting The Key Manually
Now is to trust the key manually.
Identify Target Primary Key ID
Identify Target Primary Key ID
The next step is to identify the target primary key ID. This is done through the following command:
gpg --list-keysExample:
$ gpg --list-keys...---------------------------...sec rsa4096 2018-09-23 [SC] 1F6E1C8C1F1A3458A267EEFD445AC05FC0F56EA9uid [ unknown] Jane (Michael) Smith (Personal Individual Identity) <jane.smith@example.com>ssb rsa4096 2018-09-23 [E]ssb rsa4096 2018-09-23 [E]ssb rsa4096 2018-09-23 [S]In the example above,
- The primary key ID is:
1F6E1C8C1F1A3458A267EEFD445AC05FC0F56EA9. Make sure this is the target key with unknown trust level.
Edit the Key
Edit the Key
Use --edit-key <key-ID> command to edit it. Based on the example ID above, it is:
$ gpg --edit-key 1F6E1C8C1F1A3458A267EEFD445AC05FC0F56EA9gpg (GnuPG) 2.1.18; Copyright (C) 2017 Free Software Foundation, Inc.This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law.Secret key is available.sec rsa4096/445AC05FC0F56EA9 created: 2018-09-23 expires: never usage: SC trust: unknown validity: unknownssb rsa4096/E0F5C6ECC87BF4FB created: 2018-09-23 expires: never usage: E ssb rsa4096/226B3ACC3859EF97 created: 2018-09-23 expires: never usage: E ssb rsa4096/DFF009F42B8F65F1 created: 2018-09-23 expires: never usage: S [ unknown] (1). Jane (Michael) Smith (Personal Individual Identity) <jane.smith@example.com>gpg> Trust The Key
Trust The Key
Type in "trust" command to begin the trust process. Follows the instruction based on your own trust level. Example,
- Say I know this key is originated from my offline secure storage, I can trust it "ultimately".
- Say the key is trusted by 2 fully trusted key already, I can trust it "fully" or "marginally" depending on your case.
- Say you know the key source was from a compromised location, you set it "not to trust".
Place the number of your decision and re-confirm it. Keep in mind that the display is not updated upon edit. You'll need to quit this session and check again later. Type quit to exit.
IMPORTANT NOTEYou do not simply trust key with ultimate trust. Use it sparingly and only to 1 primary secret key which is your key.Managing others' keys would only reaches as high as fully trusted.Example:
gpg> trustsec rsa4096/445AC05FC0F56EA9 created: 2018-09-23 expires: never usage: SC trust: unknown validity: unknownssb rsa4096/E0F5C6ECC87BF4FB created: 2018-09-23 expires: never usage: E ssb rsa4096/226B3ACC3859EF97 created: 2018-09-23 expires: never usage: E ssb rsa4096/DFF009F42B8F65F1 created: 2018-09-23 expires: never usage: S [ unknown] (1). Jane (Michael) Smith (Personal Individual Identity) <jane.smith@example.com>Please decide how far you trust this user to correctly verify other users' keys(by looking at passports, checking fingerprints from different sources, etc.) 1 = I don't know or won't say 2 = I do NOT trust 3 = I trust marginally 4 = I trust fully 5 = I trust ultimately m = back to the main menuYour decision? 5Do you really want to set this key to ultimate trust? (y/N) yQuit and Save It
Quit and Save It
Once you're done, you can proceed to save and quit. As presented by the notice, you may ignore the "unknown" trust label for now. Example:
sec rsa4096/445AC05FC0F56EA9 created: 2018-09-23 expires: never usage: SC trust: ultimate validity: unknownssb rsa4096/E0F5C6ECC87BF4FB created: 2018-09-23 expires: never usage: E ssb rsa4096/226B3ACC3859EF97 created: 2018-09-23 expires: never usage: E ssb rsa4096/DFF009F42B8F65F1 created: 2018-09-23 expires: never usage: S [ unknown] (1). Jane (Michael) Smith (Personal Individual Identity) <jane.smith@example.com>Please note that the shown key validity is not necessarily correctunless you restart the program.gpg> quitVerify Trust Changes
Verify Trust Changes
You can verify it using --list-keys command:
$ gpg --list-keysYou should get something like this, notice the unknown has changed to ultimate / your choice of trust:
/home/jane/.gnupg/pubring.kbx---------------------------------sec rsa4096 2018-09-23 [SC] 1F6E1C8C1F1A3458A267EEFD445AC05FC0F56EA9uid [ full ] Jane (Michael) Smith (Personal Individual Identity) <jane.smith@example.com>ssb rsa4096 2018-09-23 [E]ssb rsa4096 2018-09-23 [E]ssb rsa4096 2018-09-23 [S]That's all about trusting a key manually in GnuPG.
Page updated
Google Sites
Report abuse