我正在编写一个使用gpg加密文件的脚本。在从命令行使用gpg进行测试/实验期间,我发现了一些奇怪的行为。这完全没问题:
$ cat myFile.txt | gpg --encrypt -r 'jdoe@gmail.com'
gpg: B2D17635: There is no assurance this key belongs to the named user
pub 4096R/B2D17635 2016-01-31 John Doe (I am now a real person.) <jdoe@gmail.com>
Primary key fingerprint: B17F 98BA 1DA9 3FE1 A08F 1443 509D 87ED 32AF 2078
Subkey fingerprint: BB63 42DA 8FAD 194A E1C9 1F6D 39BA 73B9 B2D1 7635
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y
�
Nϴ��[�mDZ.@�Bc���J������z�{p���%
<GIBBERISH SNIPPED>
i�)��/&N��t�Z�8�#�I<�Bq�!�K?�vQ�I�H6&+��(
但我不喜欢这样,因为我交互式地输入'y'。我希望它假设“是”并进行加密而不需要任何交互性。所以我使用--batch和--yes开关运行以下命令。为什么会失败?
$ cat myFile.txt | gpg --encrypt --batch --yes -r 'jdoe@gmail.com'
gpg: B2D17635: There is no assurance this key belongs to the named user
gpg: [stdin]: encryption failed: unusable public key
答案 0 :(得分:1)
您从GnuPG收到的错误是因为您的密钥环中的公钥不受信任/验证。因为您的OP声明您正在运行测试,您可能需要查看为我自己的实验编写的帮助程序脚本中的代码GnuPG_Gen_Key.sh,特别是下面复制/修改的函数。
#!/usr/bin/env bash
Var_gnupg_import_key="${1}"
Var_gnupg_import_key_trust="${2}"
Func_import_gnupg_key_edit_trust(){
_gnupg_import_key="${1:-${Var_gnupg_import_key}}"
gpg --no-tty --command-fd 0 --edit-key ${_gnupg_import_key} <<EOF
trust
${Var_gnupg_import_key_trust}
quit
EOF
}
Func_import_gnupg_key(){
_gnupg_import_key="${1:-${Var_gnupg_import_key}}"
if [ -f "${_gnupg_import_key}" ]; then
echo "# ${Var_script_name} reports: importing key file [${_gnupg_import_key}]"
gpg --no-tty --command-fd 0 --import ${_gnupg_import_key} <<EOF
trust
${Var_gnupg_import_key_trust}
quit
EOF
else
_grep_string='not found on keyserver'
gpg --dry-run --batch --search-keys ${_gnupg_import_key} --keyserver ${Var_gnupg_key_server} | grep -qE "${_grep_string}"
_exit_status=$?
if [ "${_exit_status}" != "0" ]; then
_key_fingerprint="$(gpg --no-tty --batch --dry-run --search-keys ${_gnupg_import_key} | awk '/key /{print $5}' | tail -n1)"
_key_fingerprint="${_key_fingerprint//,/}"
if [ "${#_key_fingerprint}" != "0" ]; then
echo "# ${Var_script_name} reports: importing key [${_key_fingerprint}] from keyserver [${Var_gnupg_key_server}]"
gpg --keyserver ${Var_gnupg_key_server} --recv-keys ${_key_fingerprint}
Func_import_gnupg_key_edit_trust "${_gnupg_import_key}"
else
echo "# ${Var_script_name} reports: error no public key [${_gnupg_import_key}] as file or on key server [${Var_gnupg_key_server}]"
fi
else
echo "# ${Var_script_name} reports: error no public key [${_gnupg_import_key}] as file or on key server [${Var_gnupg_key_server}]"
fi
fi
}
可以使用上述信任公钥或使用以下命令让GnuPG忽略信任问题。
gpg --armor --always-trust -r 'jdoe@gmail.com' -e myFile.txt -o myFile.txt.gpg
注意我已经添加了--armor选项,因为OP中的输出看起来已经错过了基于剪切输出的选项。
答案 1 :(得分:0)
您必须在命令中添加--always-trust:
echo "test" | gpg --batch --yes --always-trust --encrypt --armor -r "mail@example.com"