4

I was using gpg just for encryption and decryption purposes.

The commands I used are:

for enc:
gpg --sign test
for dec:
gpg --decrypt test.gpg > test

But I am getting the below warning messages:

gpg: Signature made Fri Jun 24 17:29:00 2016 UTC using RSA key ID XXXX
gpg: Good signature from "XXXX@xxxx.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.

Of course I have tried with --status-fd, --no-comment, --no-mdc-warning, --no-tty, --no-verbose, --quiet, --batch, --no-greeting etc., based on an Internet search.

Is there a way to get rid of these warning messages?

As a last option, I am using How to hide command output in bash

But I think there should be an easy method to suppress warnings in gpg.

Community
AKV

3 Answers

9

The warning is being shown on STDERR; you can redirect the STDERR stream to /dev/null to get rid of the warning:

gpg --decrypt test.gpg 2>/dev/null

Saving the STDOUT too:

gpg --decrypt test.gpg 2>/dev/null >test
heemayl
  • That's excellent. I have tried something similar in a wrong way: gpg --decrypt test.gpg 2>/dev/null >test, but in that case it was overwriting the file. But your answer works fine. It solved the issue. Thank you. – AKV Jun 24 '16 at 22:02
  • @ArunKuttiyaraVarghese Glad I could help:) – heemayl Jun 24 '16 at 22:07
1

but I am getting the below warning messages:

gpg: Signature made Fri Jun 24 17:29:00 2016 UTC using RSA key ID XXXX
gpg: Good signature from "XXXX@xxxx.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.

The first two lines are not actually a warning message, but just inform you of a correct signature (the file you decrypted was not only encrypted, but also signed). The last two messages indicate that the signing key could not be verified.

Do not simply discard all output to stderr, as this hides actual problems and errors! Instead of simply suppressing all warning and error messages, better consider this individual message. The issue is that the key cannot be validated, i.e. no trust path can be established. Given you verified the key (are sure about the owner), the best solution would be to issue a certification. Open the GnuPG key editing command line:

gpg --edit-key [key-id]

and then certify the key using the sign command. You could also lsign (locally sign) the key if you want to be sure the certification will not leave your computer.

Alternatively (and only use this for testing environments or if you're otherwise sure about having the key verified, or definitely do not have to care about where the message came from) you could apply the --trust-model always option.

Jens Erat
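As an added example (not part of the original answers), one way to act on the advice above is to read gpg's machine-readable --status-fd lines and show its stderr only when something is actually wrong, instead of discarding it. The function names, key ID, user ID and sample status lines are constructed for illustration; the status keywords are GnuPG's own.

```sh
# Added example, not from the original answers. Key ID, user ID and the
# sample status lines are constructed.

# Read "[GNUPG:] ..." lines (gpg --status-fd output) on stdin, print a verdict:
#   trusted    good signature, key validity marginal, full or ultimate
#   untrusted  good signature, no trust path to the key (the warning above)
#   bad        bad, expired, revoked or uncheckable signature
#   unsigned   no signature status seen at all
classify_gpg_status() (
    sig=none trust=unknown
    while read -r tag keyword rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case "$keyword" in
            GOODSIG) [ "$sig" = bad ] || sig=good ;;
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) sig=bad ;;
            TRUST_UNDEFINED|TRUST_NEVER) trust=no ;;
            TRUST_MARGINAL|TRUST_FULLY|TRUST_ULTIMATE)
                [ "$trust" = no ] || trust=yes ;;
        esac
    done
    case "$sig/$trust" in
        good/yes) echo trusted ;;
        good/*)   echo untrusted ;;
        bad/*)    echo bad ;;
        *)        echo unsigned ;;
    esac
)

# Decrypt/verify $1 into $2. Status lines travel on fd 3, plaintext goes to
# $2, and gpg's stderr is kept in a temp file and shown only on failure.
decrypt_checked() (
    src=$1 dst=$2 rc=0
    errlog=$(mktemp) || return 2
    status=$(gpg --batch --status-fd 3 --decrypt "$src" 3>&1 >"$dst" 2>"$errlog") || rc=$?
    verdict=$(printf '%s\n' "$status" | classify_gpg_status)
    if [ "$rc" -ne 0 ] || [ "$verdict" = bad ] || [ "$verdict" = unsigned ]; then
        cat "$errlog" >&2
        rm -f "$errlog" "$dst"
        return 1
    fi
    rm -f "$errlog"
    echo "$verdict"    # caller decides whether "untrusted" is acceptable
)

# Constructed status output for a good signature from an uncertified key.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Example User <user@example.com>
[GNUPG:] TRUST_UNDEFINED 0 pgp'

printf '%s\n' "$SAMPLE_STATUS" | classify_gpg_status    # prints: untrusted
```

Calling `decrypt_checked test.gpg test` prints the verdict on stdout; once the key has been certified with sign or lsign, the same file yields `trusted`.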
0

This question was asked a few years ago, but these days gpg does have a --quiet (or -q) switch. So commands like gpg --decrypt --quiet <filename> work.

The man page has details, and I've confirmed it works with gpg 2.2.x.

sigint