0

Similar to this: gnupg: There is no assurance this key belongs to the named user

But I want to set the trust level of an imported key pair within Python. Is this possible? And if so, how?

At the moment after trying to encrypt a file with the public key, I'm receiving the message:

"There is no assurance this key belongs to the named user\r\n[GNUPG:] INV_RECP 10 TestUser@Company.Com\r\n[GNUPG:] FAILURE sign-encrypt 53\r\ngpg: [stdin]: sign+encrypt failed: Unusable public key\r\n"

This is after running the following:

with open('Test.txt', 'rb') as f:
                status = gpg.encrypt_file(
                    f,sign=public_key_fingerprint,
                    recipients=private_key_recipient,
                    output = output_file
                )

status.status returns:

'invalid recipient'

EDIT:

private_key_recipient = 'TestUser@Company.Com'
RobTheRobot16
  • 323
  • 4
  • 24
  • can we see how you get `private_key_recipient` ? – Dash Winterson May 26 '21 at 10:33
  • @DashWinterson - That's actually obtained from a GCP secret JSON. It's a string of: 'TestUser@Company.Com'. – RobTheRobot16 May 26 '21 at 10:58
  • private_key_recipient should be a public GPG key iirc – Dash Winterson May 26 '21 at 11:00
  • @DashWinterson - I was going by: https://gist.github.com/ryantuck/56c5aaa8f9124422ac964629f4c8deb0 and: https://www.saltycrane.com/blog/2011/10/python-gnupg-gpg-example/ In both docs they use a list of recipients, with only one within. I've tried changing my single string to a list of a single recipient, with still the same result. – RobTheRobot16 May 26 '21 at 11:11
  • @DashWinterson - I also forgot to say following your comment I tried updating the private_key_recipient to the public key fingerprint, with still the same error message. – RobTheRobot16 May 26 '21 at 11:12
  • 1
    Just looking at the module there appears to be a `trust_keys` method. Does that do what you want? – larsks May 26 '21 at 11:33
  • it may be (according to the docs) that you need to specify it as a list? https://gnupg.readthedocs.io/en/latest/#encryption-and-decryption – Dash Winterson May 26 '21 at 11:45
  • @larsks - Wow. You know, I searched that documentation for "trust" and for some reason didn't see that section. Don't I feel the fool! Thanks very much! If you post that as a reply I'll mark it as the answer. Thanks also to DashWinterson for asking the initial questions and bearing with my answers :) – RobTheRobot16 May 26 '21 at 11:51

1 Answers1

2

Looking at pydoc gnupg I see:

trust_keys(self, fingerprints, trustlevel)

It's not documented, but it sounds like what you want.

larsks
  • 277,717
  • 41
  • 399
  • 399