• caglararli@hotmail.com
  • 05386281520

GPG why is my trusted key not certified with a trusted signature?

Çağlar Arlı      -    22 Views

GPG why is my trusted key not certified with a trusted signature?

When I run

gpg --verify ~/file.asc ~/file

I receive the following:

gpg: Signature made Tue 10 Dec 2016 05:10:10 AM EST using RSA key ID abcdefgh
gpg: Good signature from "Alias (signing key) <john@alias.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: (a fingerprint)
     Subkey fingerprint: (a fingerprint)

The primary fingerprint matches the output of gpg --fingerprints In my keyring I have:

pub   4096R/abcdefgh 2014-12-12 [expires: 2020-08-02]
      Key fingerprint = (A public finger print)
uid                  Alias (signing key) <john@alias.org>
sub   4096R/xcdertyu 2014-12-11 [expires: 2017-08-11]

I wanted to verify the authenticity of a file with the public key fingerprint. Note that the trust level is level 4 (full trust)

I believe this because:

:~$ gpg --edit-key abcdefgh
gpg (GnuPG) 1.4.18; Copyright (C) 2014 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub  4096R/abcdefgh  created: 2014-12-12  expires: 2020-08-02  usage: C   
                     trust: full          validity: unknown

Should there be a reason for concern? Thanks for your patience as I learn more about crypto!