GPG trust keys

before I start describing the issue, I want to give you a quick introduction about GPG and why we need to use it

GPG is one of the great tools/algorithms to do encryption and it is one of the commonly used algorithms to secure data and files. GPG allowing you to use public/private keys to encrypt/decrypt files on both Windows and Linux Operating Systems. Public key is used to encrypt files ONLY, and you can’t use it to Decrypt files; to be able to decrypt files, you need to have the private key pair to the public key used in encryption. if so, you will be able to decrypt the files.

how to generate keys and how to use them is outside the scope of this article; so I’ll not describe them here and I assume you are familiar with these commands.

the main issue that I faced while trying to encrypt files is getting the following prompt message:

“It is not certain that the key belong to the person named in the user ID. if you *really* know what you are doing, you may answer the next question with yes.

while you are doing encryption manually, it is easy to do YES. but when you are using this inside a background process that doesn’t work and you need to let the GPG tool do encryption silently. to do this you need to trust public key that you are using. it is easy thing to do; follow the below steps:

gpg – edit-key <KeyName>

GPG will output some information, and show a line like:
trust: undefined     validity: unknown

then you need to use trust command; type “trust”:

GPG will output below message:

Please decide how far you trust this user to correctly verify other users’ keys
(by looking at passports, checking fingerprints from different sources, etc.)

1 = I don’t know or won’t say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

and we are done.. you need to quit from the command by type q then hit enter.