LinuxQuestions.org


villumanati 01-08-2021 07:20 AM

GPG command line encryption
 
Hello,

I would appreciate it if someone would clarify gpg encryption.

Essentially I run the command:

Code:

gpg --output myFile.gpg --encrypt --recipient MyReciever myInput.txt

I then receive a prompt:

Code:

It is not certain that the key belongs to the person named in the user id. If you really know what you are doing, you may answer the next question with yes

Use this key anyway? (y/N)

My question is: is there a way to skip this prompt and/or have it automatically enter y?


If it matters, I am running Linux Debian 4.9.168...

sevendogsbsd 01-08-2021 07:30 AM

Are you encrypting files to keep yourself or are you emailing them to someone? I only encrypted files to keep for myself so I can't speak as to how to use gpg with email.

villumanati 01-08-2021 09:26 AM

I have received a public key; I am encrypting the file so I can send it to someone else.

sevendogsbsd 01-08-2021 09:57 AM

I've never done this but is the public key imported into your configuration so gpg knows it exists? Guessing "MyReciever" is an alias or just placeholder for the recipient's email address so you don't post it publicly here?

Sorry for the vague answers but as I mentioned, I have never used gpg to send an encrypted file. I am quite familiar with PKI though, just not that implementation.

villumanati 01-08-2021 10:52 AM

Yes, I imported it into my keyring.

As a side note, the entire encryption process works fine. I can encrypt a message without issue. I am trying to do it in a script, which is why I am trying to avoid the

Michael Uplawski 01-08-2021 10:57 AM

Code:

It is not certain that the key belongs to the person named in the user id. If you really know what you are doing, you may answer the next question with yes

Use this key anyway? (y/N)

The message indicates that in the web of trust no connection can be made between you and the selected key and that confidence in the authenticity of that key has not yet been established.

This is what key-signing is about.

What you do normally in this case is a

Code:

:~$ gpg -kv [userid or key-id]

to see the details of the key. Then you either phone up the holder of the key or (better) visit her/him at home to compare these data with those that she/he can establish for her/his own key. This way the identity of the user's key with the one that you have is established.

Next, you sign the key with your own to certify the validity of the key. You created a new connection in the web of trust and GnuPG will no longer ask for confirmations. Even other people, who trust *your* key already, can now trust the other user's key.

See also: Key-signing party.
See also: TOFU
See also: Self-signing a key

comp.security.pgp FAQ - Very old and outdated, but still conveys the basics.

villumanati 01-08-2021 11:10 AM

Thanks for the clarification.
Is there a way to avoid signing the key and still generate a valid encrypted file?

Basically, if I didn't care and just wanted to encrypt the file, since I have the public key of the receiver?

Michael Uplawski 01-08-2021 01:41 PM

Quote:

Originally Posted by villumanati (Post 6205413)
Thanks for the clarification.
Is there a way to avoid signing the key and still generate a valid encrypted file?

I am sorry, but I do not understand the question. GnuPG asks “use this key anyway?”, and I bet your English is better than mine.

Quote:

Basically, if I didn't care and just wanted to encrypt the file, since I have the public key of the receiver?

This is what it is all about. Maybe I have not been clear enough in my previous post. You say you have the key of the receiver.
If you know that the key is authentic, GnuPG lets you set a trust-level for the key. ALL is in the manuals. The manuals to GnuPG are among the best ever written for any software.

See here: https://www.gnupg.org/gph/en/manual/x334.html

villumanati 01-10-2021 07:51 AM

Thanks, Michael, for the reply. You led me down the right path.

I used the information you provided along with this (https://ianatkinson.net/computing/gnupg.htm) website to avoid having to sign the key.

Also, it made me aware of other ways, such as this: https://blog.tersmitten.nl/how-to-ul...ractively.html.

GazL 01-10-2021 08:52 AM

What I usually do is use --lsign-key, which is basically saying I trust the key for my own use, but I'm not prepared to vouch for it to others.

vincix 01-10-2021 02:56 PM

Another solution would be to use yes and pipe the command into it, such as:

Code:

yes | gpg --output myFile.gpg --encrypt --recipient MyReciever myInput.txt

That way you'll be able to automate it into a script without worrying about the prompt, if you don't care about understanding gpg and its whole gpg-web-of-trust thing.
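An added example (not posted by anyone in this thread) that combines the advice above in a script: it checks the fingerprint GnuPG holds for the recipient against one obtained out of band, as Michael describes, then applies GazL's --lsign-key in its batch form and encrypts with --batch, so the "Use this key anyway?" prompt never has to be answered blindly with yes. It assumes GnuPG 2.1 or later (for --quick-lsign-key), that the recipient's key is already imported, and that your own signing key is usable from a script; the fingerprint on the command line is a placeholder you replace with the one the recipient gave you.

```shell
#!/bin/sh
# Added example, not from the thread. Encrypt to an imported key from a script
# without an interactive trust prompt, but only after the key's fingerprint has
# been compared with one obtained out of band (phone, in person).
set -eu

# Normalise a fingerprint for comparison: drop spaces, upper-case hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \n' | tr 'abcdef' 'ABCDEF'
}

# Return 0 if the two fingerprints are equal after normalisation, 1 otherwise.
fpr_matches() {
    [ "$(normalize_fpr "$1")" = "$(normalize_fpr "$2")" ]
}

# Fingerprint GnuPG holds for a key id or user id: field 10 of the "fpr" record
# in --with-colons output. Prints nothing if the key is not in the keyring.
key_fingerprint() {
    gpg --batch --with-colons --fingerprint "$1" 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Usage: encrypt_checked <recipient> <expected fingerprint> <input> <output>
encrypt_checked() {
    recipient=$1; expected=$2; input=$3; output=$4
    actual=$(key_fingerprint "$recipient")
    if ! fpr_matches "$actual" "$expected"; then
        echo "fingerprint mismatch for $recipient: got '$actual'" >&2
        return 1
    fi
    # Local (non-exportable) signature: "verified for my own use", as with
    # --lsign-key, but without the interactive editor.
    gpg --batch --yes --quick-lsign-key "$actual"
    # The key is now locally certified, so --batch does not abort on the
    # "not certain that the key belongs to ..." condition.
    gpg --batch --yes --output "$output" --encrypt --recipient "$actual" "$input"
}

# Runs only when given four arguments, e.g. (placeholder fingerprint):
#   sh encrypt_checked.sh MyReciever 'ABCD EF01 ...' myInput.txt myFile.gpg
if [ "$#" -eq 4 ]; then
    encrypt_checked "$@"
fi
```

Because the recipient is passed to gpg as the verified full fingerprint rather than a name, a second key in the keyring with the same user id cannot be picked by mistake.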

Michael Uplawski 01-10-2021 04:21 PM

Quote:

Originally Posted by vincix (Post 6206159)
automate it into a script without worrying about the prompt, if you don't care about understanding gpg and its whole gpg-web-of-trust thing.

Could be funny. Engrave this into a stone and fling it at someone you really hate...
Naa... I think it is funny.
