6Oca
GPG why is my trusted key not certified with a trusted signature?
When I run
gpg --verify ~/file.asc ~/file
I receive the following:
gpg: Signature made Tue 10 Dec 2016 05:10:10 AM EST using RSA key ID abcdefgh
gpg: Good signature from "Alias (signing key) <john@alias.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: (a fingerprint)
Subkey fingerprint: (a fingerprint)
The primary fingerprint matches the output of gpg --fingerprints
In my keyring I have:
pub 4096R/abcdefgh 2014-12-12 [expires: 2020-08-02]
Key fingerprint = (A public finger print)
uid Alias (signing key) <john@alias.org>
sub 4096R/xcdertyu 2014-12-11 [expires: 2017-08-11]
I wanted to verify the authenticity of a file with the public key fingerprint. Note that the trust level is level 4 (full trust)
I believe this because:
:~$ gpg --edit-key abcdefgh
gpg (GnuPG) 1.4.18; Copyright (C) 2014 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub 4096R/abcdefgh created: 2014-12-12 expires: 2020-08-02 usage: C
trust: full validity: unknown
Should there be a reason for concern? Thanks for your patience as I learn more about crypto!
