sys msg: It is not certina the key belongs to the person named in user_id????

anon53888320 · March 3, 2014, 9:07pm

I’m attempting to use GPG in a server that I can only access via remote desktop. It seems like GPG wants to install itself in a user account.
The account that I use to access the server is not a local account in the server.
So I think GPG is having trouble performing encryptions - - finding the correct public key file.

I’m getting this system message during encryption:
It is not certain the key belongs to the person in the user ID. Press YES to use this key anyway.

I need to use a DOS batch file to execute the encryption process.
And the keys are provided to me from the party to which I will be sending the data.
Should I export the keys and locate them in a folder and then call them out in the encryption command?

Thanks!!!
Duane

bernhard · March 4, 2014, 8:47am

Hi Duane,
the message means that there is no trust chain to your recipient certificate.
If you are sure that this is the right certificate to use, you could sign the certificate
with your trusted certificate.

gpg2 --edit ABCDEF12
will show you the trust status of this certificate.

Best,
Bernhard

anon53888320 · March 5, 2014, 2:56pm

Thank you very much Bernhard.
I apologize, I’m not familiar with how a “trust chain” works.
I’m also not familiar with the steps in signing the certificate with a trusted cert.

When I performed the GPG install, I obtained the software from the recipient.
The instructions included:

Opening up the GPA module
Click IMPORT
Navigate to select a file called “pubring.pkr”
Right click two key files and set to “Owner Trust = Ultimate”.

Perhaps that is the process that you are referring too?
I’m only guessing that because I did the install using remote desktop, the callout for encryption is not finding the correct certificate?

What would you suggest?
My very sincere thanks!!!
Duane :-]

anon53888320 · March 5, 2014, 4:37pm

I think I may have figured it out. :-]
Had to copy the GnuPG folder with all files after installation to a dedicated folder. And then create dos batch files to initiate the encryption within the GnuPG\pub folder.
Initiated the GPA module again, within this folder and set the keys to “ULTIMATE” trust. again there.
Appears that the encryption is working now.
Apparently GPG has an internal database file where it stores key info.
I’m guessing the GPA executable is able to modify trust settings for key files int that location. And when the encryption is performed, (without calling out a specific key in the gpg command), it defaults to the keys there.

I will be sending encrypted files to recipient to validate.
Thanks!!!