Mailing List Archive

--yes option working?
I ran into this problem while implementing an Emacs interface to
GNUPG (which I will post as soon as it's ready):

When I run the following command (for an addressee who is NOT in the
trust database):

gpg -a -r "Ben Sussman" --batch --yes -o - -e < z

I get this output:

gpg: Warning: using insecure memory!
gpg: no info to calculate a trust probability
gpg: no valid addressees
gpg: [stdin]: encryption failed: No such user id

Okay. So I removed the "--batch" flag, and got this:

Could not find a valid trust path to the key. Let's see whether we
can assign some missing owner trust values.

No ownertrust values changed.

It is NOT certain that the key belongs to its owner.
If you *really* know what you are doing, you may answer
the next question with yes

Use this key anyway?

I had thought that GPG would assume the answer to be "yes", since I
passed the "--yes" flag, but it prompted me anyway.

What to do?

-Karl
Re: --yes option working?
Karl Fogel <kfogel@floss.onshore.com> writes:

> Use this key anyway?
>
> I had thought that GPG would assume the answer to be "yes", since I
> passed the "--yes" flag, but it prompted me anyway.

Make sure that there is enough trust for this user. The definition of
--yes is "assume yes on _most_ questions".

I can see that that is not an alternative for you, but simply passing a
--yes or (hypothetical) --strong-yes is not good. What you should do
is:

- if you get such an error message (I should add a status error
  message (to avoid NLS probs) for this (see --status-fd))
- use a list option ( --list-key --with-colons ):
  "pub::768:16:E1139763E1D81275:1998-02-09:0:::we..."
  !--- you should find some trust information here ;-)
  to show the user that it is not secure to use this key
OR
- the status information (which I should add) can give you
  a hint about the problem
AND THEN
- use a new option to override this check.

There is no such option yet and I'm thinking whether to add some kind
of "--force-xxx" or a way to say that key xy is always trusted (this
may be better because I can record this in the TrustDB).

Please don't use such a --force option per default. I'll add some
stuff soon.


Werner
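
The check described in the message above, as an added example that is not part of the original thread or of GnuPG or the Emacs interface: it reads a colon listing and picks out the keys a front end should warn about before encrypting. It assumes field 2 of a "pub" record is the validity letter, as in the colon format documented in GnuPG's doc/DETAILS; the sample listing and the trusted/unusable/unverified policy are constructed for illustration.

```python
# Added example (not from the thread): read `gpg --list-keys --with-colons`
# output and flag keys a front end should warn about before encrypting.
# Assumption: field 2 of a "pub" record holds the validity letter, as in
# the colon listing format documented in GnuPG's doc/DETAILS.

TRUSTED = {"f", "u"}                    # fully / ultimately valid
UNUSABLE = {"i", "d", "r", "e", "n"}    # invalid, disabled, revoked, expired, not valid

# Constructed sample listing; key IDs and user IDs are placeholders.
SAMPLE = """\
pub:f:1024:17:AAAAAAAAAAAAAAAA:1998-03-01:0:::Alice Example <alice@example.org>:
sub:f:2048:16:AAAAAAAAAAAAAAA1:1998-03-01:0:::
pub::768:16:BBBBBBBBBBBBBBBB:1998-02-09:0:::Bob Example <bob@example.org>:
pub:r:1024:17:CCCCCCCCCCCCCCCC:1998-01-15:0:::Carol Example <carol@example.org>:
pub:q:1024:17:DDDDDDDDDDDDDDDD:1998-04-02:0:::Dave Example <dave@example.org>:
"""

def parse_pub_records(listing):
    """Return [(keyid, validity)] for every primary-key record."""
    records = []
    for line in listing.splitlines():
        fields = line.split(":")
        if len(fields) >= 5 and fields[0] == "pub":
            records.append((fields[4], fields[1]))
    return records

def classify(validity):
    """Example policy: only full/ultimate validity counts as trusted."""
    if validity in TRUSTED:
        return "trusted"
    if validity in UNUSABLE:
        return "unusable"
    # Empty field, '-', 'o', 'q', 'm', or any letter this example does not know.
    return "unverified"

def keys_needing_confirmation(listing):
    """Key IDs the front end must show a warning for before use."""
    return [k for k, v in parse_pub_records(listing) if classify(v) == "unverified"]

if __name__ == "__main__":
    for keyid, validity in parse_pub_records(SAMPLE):
        print(keyid, repr(validity), classify(validity))
```

An empty validity field, like the one in the record quoted in the message, is treated the same as an explicit "unknown" letter, so a key with no trust information is never silently accepted.
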
Re: --yes option working?
Werner Koch wrote:
>There is no such option yet and I'm thinking whether to add some kind
>of "--force-xxx" or a way to say that key xy is always trusted (this
>may be better because I can record this in the TrustDB).
>
>Please don't use such a --force option per default. I'll add some
>stuff soon.

Okay, don't worry. I think I have got a good way for gnupgp.el to
handle all such question prompts now, without making the elisp code
messy either.

Just tonight I got it working finally: I can do M-x
gnupgp-encrypt-region and it handles both untrusted and trusted
addressees. Happiness. :-)

A --force flag to GPG is by no means necessary; it is possible to have
"force" in the Emacs interface regardless of whether GPG supports it
natively.