
Mailing List Archive: GnuPG: users

Export key to multiple servers

 

 



yenrak at gmail

Sep 28, 2009, 9:46 AM

Post #1 of 2 (626 views)
Export key to multiple servers

I am trying to export a secret key created on my local box to multiple
servers. Let's say the key is 12345678.

The goal is to have 1 script which runs on all the servers to encrypt and
backup the data to S3. And 1 script to decrypt the data for restores.

Currently I've done

gpg --output secret --export-secret-keys "Real name"
gpg --output public --export "Real name"

secret & public have been scp'd to the servers.

From the servers I ran

gpg --import secret
gpg --import public

Now, when I try to encrypt the data

gpg --recipient 12345678 --encrypt file

I get

gpg: 12345678: There is no assurance this key belongs to the named user
It is NOT certain that the key belongs to the person named in the user
ID. If you *really* know what you are doing, you may answer the next
question with yes.

I don't have a public key so I can't use gpg --sign-key. And if I do create
a public key; can the same script be used to "decrypt" the files for
restores across all the servers?

How can I import the keys on the servers so the servers can encrypt data?
And data can be decrypted using the key (12345678)?


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


free10pro at gmail

Sep 29, 2009, 11:19 AM

Post #2 of 2 (545 views)
Re: Export key to multiple servers

On Mon, 2009-09-28 at 09:46 -0700, kearney wrote:
> I am trying to export a secret key created on my local box to multiple
> servers. Let's say the key is 12345678.
>
> The goal is to have 1 script which runs on all the servers to encrypt and
> backup the data to S3. And 1 script to decrypt the data for restores.
>
> Currently I've done
>
> gpg --output secret --export-secret-keys "Real name"
> gpg --output public --export "Real name"
>
> secret & public have been scp'd to the servers.
>
> From the servers I ran
>
> gpg --import secret
> gpg --import public
>
> Now, when I try to encrypt the data
>
> gpg --recipient 12345678 --encrypt file
>
> I get
>
> gpg: 12345678: There is no assurance this key belongs to the named user
> It is NOT certain that the key belongs to the person named in the user
> ID. If you *really* know what you are doing, you may answer the next
> question with yes.
>
> I don't have a public key so I can't use gpg --sign-key. And if I do create
> a public key; can the same script be used to "decrypt" the files for
> restores across all the servers?
>
> How can I import the keys on the servers so the servers can encrypt data?
> And data can be decrypted using the key (12345678)?

You don't need a public key to suppress this warning. The reason gpg is
warning about the validity of this key is that when gpg exports keys,
the ownertrust information, which is kept in ~/.gnupg/trustdb.gpg, isn't
exported with the key. When you imported the keys onto your server, gpg
didn't import any ownertrust information.

If you created a signing key (we'll call it AABBCCDD) and signed your
key 12345678 with AABBCCDD, gpg wouldn't trust the signature unless it
trusted the owner of the key (ownertrust). The answer lies in fixing
the ownertrust.

You need to edit the key with the following commands.

gpg --edit-key 12345678
trust

Gpg will ask how much trust to give. Choose 5, which is ultimate,
because you own the secret key.
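
Added example (not part of either post, and not GnuPG project code): a non-interactive way to apply the trust step from the reply above on each server, by feeding an ownertrust record to gpg --import-ownertrust. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: scripted form of "gpg --edit-key 12345678", "trust", "5".

# Constructed sample of `gpg --with-colons --fingerprint 12345678` output.
# The fingerprints are made up; the primary one ends in the thread's key ID.
SAMPLE_LISTING='tru::1:1254150000:0:3:1:5
pub:-:2048:1:89ABCDEF12345678:1254150000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF12345678:
uid:-::::1254150000::::Real name:
sub:-:2048:1:7777888899990000:1254150000::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF7777888899990000:'

# Read a colon listing on stdin and print one ownertrust record per primary
# key. Ownertrust is kept per primary key, so subkey fingerprints are skipped.
# In this record format 6 means ultimate (menu choice 5 in --edit-key).
ownertrust_ultimate() {
    awk -F: '
        $1 == "pub" || $1 == "sec" { primary = 1; next }
        $1 == "sub" || $1 == "ssb" { primary = 0; next }
        $1 == "fpr" && primary     { print $10 ":6:"; primary = 0 }
    '
}

# Hypothetical helper: mark an already imported key as ultimately trusted.
trust_imported_key() {
    gpg --batch --with-colons --fingerprint "$1" |
        ownertrust_ultimate |
        gpg --batch --import-ownertrust
}

if [ "$#" -eq 1 ]; then
    trust_imported_key "$1"      # e.g. sh trust-key.sh 12345678
else
    # No key given: show the record that would be imported for the sample.
    printf '%s\n' "$SAMPLE_LISTING" | ownertrust_ultimate
fi
```

Run it after the gpg --import step. Encrypting needs only the imported public file, so the secret file has to be present only on a machine that performs restores.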

