Martin Miller
asked on
gpg (pgp) scripted processing, key without recipient email address
This first line works fine in my script as the key has an email in the --recipient
----------
gpg --homedir /root/.gnupg --batch --no-tty --recipient prod2@ourcomp.com -o "$f.enc" -e "$f"
----------
This next command requires a user to confirm and does not work in my script... it works with user intervention in command line, not in my bash script called in cron
-----------------
gpg --homedir /root/.gnupg --batch --no-tty --recipient OurCompany -o "$f.enc" -e "$f"
---- here is output of line above run directly in command line ... ----
gpg --encrypt --recipient OurCompany -o Testing_02012012.txt.enc Testing_02012012.txt
gpg: 87F19A87: There is no assurance this key belongs to the named user
pub 2048R/87F19A87 2001-10-19 OurCompany (336-658-4000)
Primary key fingerprint: 29 51 7C 97 FD 77 50 2F 83 B0 51 B3 F5 18 2A A2
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N)
-----------
Below are my keys in the ring
---------------
# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 1024R/C9G50CC7 2008-02-11 [expires: 2013-02-10]
uid Our Companies Inc <prod2@ourcomp.com>
pub 2048R/B7F19A87 2001-10-19
uid OurCompany (336-658-4000)
----------
ASKER
Adding to this....
(a) I shared there are 2 public keys added to ring, one does not have an email address associated with it. When using this key, it prompts for a user Y/n response. This breaks my automated script.
(b) This encryption is part of data exchange, not related to email. So, there will not be an email client involved.
Hope this helps clarify the challenge a little more.
The key chain should have keys based on recipients.
Are you asking on the command line switch for pgp/gpg to effectively have the yes as a response?
Try using the 336-658-4000 as the recipient key.
ASKER
Same results... requires user Y/N prompting... in all combinations, I added --batch, --no-tty to lessen the stdout info, and get to the point... The other party claims their key is fine...
gpg --batch --no-tty --encrypt --recipient OurCompany -o Item_Testing_02012012.txt.enc Item_Testing_02012012.txt
gpg: 87F19A87: There is no assurance this key belongs to the named user
gpg: Item_Testing_02012012.txt: encryption failed: unusable public key
gpg --batch --no-tty --encrypt --recipient 336-658-4000 -o Item_Testing_02012012.txt.enc Item_Testing_02012012.txt
gpg: 87F19A87: There is no assurance this key belongs to the named user
gpg: Item_Testing_02012012.txt: encryption failed: unusable public key
gpg --batch --no-tty --encrypt --recipient "OurCompany (336-658-4000)" -o Item_Testing_02012012.txt.enc Item_Testing_02012012.txt
gpg: 87F19A87: There is no assurance this key belongs to the named user
gpg: Item_Testing_02012012.txt: encryption failed: unusable public key
ASKER
I corrected the info last provided for clarity
--------------------------
From Command Prompt:
--------------------------
gpg --edit-key OurCompany
--------------------------
inside of next shell for edit-key, select 'trust'
--------------------------
trust
--------------------------
When prompted for Trust level, I selected, 5
--------------------------
5
If there is no match the data will not be encrypted, though not sure why you are not using an email client such as mutt, pine with pop, gpg integrated?
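
The `--edit-key` / `trust` / `5` sequence in the thread needs a terminal; this added example (not code from the thread) builds the equivalent record for `gpg --import-ownertrust`, and only after checking that the one key matching the user ID has the fingerprint confirmed with the other party. The listing and fingerprints are constructed, `find_key`, `ownertrust_record` and `pinned_record` are hypothetical helper names, and the colon listing is assumed to carry separate `uid` records (GnuPG 2.x, or 1.4 with `--fixed-list-mode`).

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_LISTING is constructed; real input:
#   gpg --homedir /root/.gnupg --with-colons --fixed-list-mode --fingerprint --list-keys
SAMPLE_LISTING='pub:-:2048:1:1111222233334444:1003449600:::-:::escESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1003449600::0000::OurCompany (336-658-4000):
pub:f:1024:1:5555666677778888:1202688000:1360454400::-:::escESC:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
uid:f::::1202688000::0000::Our Companies Inc <prod2@ourcomp.com>:'

# Print "FINGERPRINT VALIDITY" for each key with a user ID containing $1.
# Validity "-" or "q" (unknown/undefined) is what triggers "Use this key anyway?".
find_key() {
  awk -F: -v want="$1" '
    $1 == "pub"              { validity = $2; fpr = "" }
    $1 == "fpr" && fpr == "" { fpr = $10 }   # first fpr after pub is the primary key
    $1 == "uid" && index($10, want) { print fpr, validity }'
}

# Map the --edit-key "trust" menu choice (1-5) to the value stored by
# --export-ownertrust / --import-ownertrust (menu 5, ultimate, is stored as 6).
ownertrust_record() {   # $1 = fingerprint, $2 = menu choice
  case "$2" in
    [1-5]) printf '%s:%d:\n' "$1" "$(( $2 + 1 ))" ;;
    *)     echo "invalid trust level: $2" >&2; return 1 ;;
  esac
}

# Emit a record only if exactly one key matches the user ID and its fingerprint
# equals the one confirmed with the other party out of band. Listing on stdin.
pinned_record() {       # $1 = user ID substring, $2 = expected fingerprint, $3 = menu choice
  pr_matches=$(find_key "$1")
  [ "$(printf '%s\n' "$pr_matches" | grep -c .)" -eq 1 ] ||
    { echo "expected exactly one key matching '$1'" >&2; return 1; }
  [ "${pr_matches%% *}" = "$2" ] ||
    { echo "fingerprint mismatch for '$1'" >&2; return 1; }
  ownertrust_record "$2" "$3"
}

# Demo on the constructed listing; prints 0123456789ABCDEF0123456789ABCDEF01234567:6:
printf '%s\n' "$SAMPLE_LISTING" |
  pinned_record OurCompany 0123456789ABCDEF0123456789ABCDEF01234567 5

# In the cron script, once before the encrypt loop (EXPECTED_FPR is a placeholder):
#   gpg --homedir /root/.gnupg --with-colons --fixed-list-mode --fingerprint --list-keys |
#     pinned_record OurCompany "$EXPECTED_FPR" 5 |
#     gpg --homedir /root/.gnupg --import-ownertrust
```

Ultimate trust also makes every key certified by that key valid in this keyring. Certifying the key locally with your own key (`gpg --lsign-key`) makes it usable in batch mode without that side effect.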