I just checked my current amazon statement. No transfer this month, so mine hasn't been running either. It's not the gpg error though. Instead, I get this gem:
Error: Error: DBD::SQLite::db do failed: not an error(21) at dbdimp.c line 398 at /home/kvance/src/brackup/lib/Brackup/DigestDatabase.pm line 14.
Not an error, yeah.
From: brad 2006-09-22 04:22 am (UTC)
Yay SQLite.
From: scsi 2006-09-22 04:43 am (UTC)
try --batch and --trust-model always
Oh, right. That does say "no, I really meant --yes". I stand by the ideal that it shouldn't, but it does.
Er, well.
In GnuPG's defense... you are trying to encipher to a key that you haven't signed. So, um, sign the key and move on? Do that as part of "install" or "configure"? Or just pass the terminal through?
Honestly, I don't think that --yes should exist at all. This ain't Windows. This is something that people actually trust to provide security/privacy to a somewhat real degree. It's got a pretty good reason to do so when it asks if you're sure.
(Am I missing something?)
waitaminute
You're trying to encipher to your own key?
Okay, so I should actually go look at your code.
It sounds, though, like you're trying to use gpg in a session-specific context. It's not made for that... not even from a code-design point of view, from a cryptology point of view. There are cipher models that are made for that (I hear SSL is popular...) ... but their key models generally suck.
Maybe what you actually want for this job is one of the various gpg-agent thingies?
From: brad 2006-09-22 04:23 pm (UTC)
I have no clue what I want.
I want to encrypt chunks of files before I spray them across to untrusted parties on the net. Then when I get them back later, I want to be the only person to decrypt the chunks. (assuming I have my private key on a USB stick, a CD, and written down on paper in a vault)
Okay, and ... for that, I just do gpg -e -r <my keyID>, and I don't get whining. I do also have "encrypt-to <my keyID>" in ~/gnupg/gpg.conf (so that I encrypt outgoing email to both me and the recipient by default, so I can read it later). I get whining that my key ID is already on the list, but it's non-fatal. It's possible that they've just changed the behavior... but the fact that the error output says that you're trying to encipher to an untrusted key suggests to me that you've somehow dropped session awareness and are, for instance, using a functionally blank keychain in which your key's really not trusted.
If you're doing that on purpose... ie, doing this somewhere without your Real keychain (including, ie, self-sigs), then you really Should move your keychain over, and the encryption won't break. That'd be a "but that's how it's supposed to work" problem.
If you did that, and this is whinging at you despite it, then something's broke, but I'd be glad to take a few sober (hey, it's Saturday night, and I was working until ten minutes ago) moments to figure out what.
You're making me wonder if you are going to seriously spend hours typing your private key back from your printout.
From: brad 2006-09-27 09:09 pm (UTC)
I'd also have it on CD, USB stick, etc.
But yes, if that was the only way to recover my data, I'd type it in. Or try and OCR it. etc.
that reminds me of when i blindly did a ports upgrade, upgrading wget in the process, and then wondering why my big "competitor monitoring" app was no longer working as well-
the authors of wget removed the "ignore robots.txt" option, in some holy gift to Internet goodwill or something...
check that your key is cross-signed with your own keyid. it sounds like it isn't.
if not: 'gpg --edit-key 92FDF929' this will take you into the key editing mode.
'cross-certify' - this will fix your key up
'trust' - enter that you 'ultimate'ly trust your own key
'save' - save changes and exit.
I tried to check that keyid of yours, but it doesn't seem to be on the keyservers I use.
Oh yeah, or that. But I don't know how you'd have managed to create a key absent a self-signature without having an inkling you were doing so...
There was an advisory about it a while ago, and the cross-certify option was added. In specific, some older versions of GnuPG didn't add the self-signature when they were supposed to.
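The "functionally blank keychain" diagnosis from the thread, reproduced as an added example (not code from any commenter or from brackup): a public key copied into a fresh keyring is refused by batch-mode encryption until that keyring records ultimate ownertrust for it, with no --trust-model override. It assumes GnuPG 2.1 or later; the throwaway home directories, user ID and chunk file are constructed.

```shell
#!/bin/sh
# Added example: all names, paths and the user ID below are constructed.

# Create a throwaway, unprotected key in homedir $1 and print its fingerprint.
make_key() {
    gpg --homedir "$1" --batch --quiet --passphrase '' --quick-generate-key \
        'Backup Demo <demo@example.invalid>' default default never 2>/dev/null
    gpg --homedir "$1" --batch --with-colons --list-keys 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Copy only the public key $3 from keyring $1 into keyring $2.
# The trust database is not copied, so $2 knows the key but does not trust it.
copy_public_key() {
    gpg --homedir "$1" --batch --export "$3" 2>/dev/null |
        gpg --homedir "$2" --batch --quiet --import 2>/dev/null
}

# Encrypt file $3 to recipient $2 with keyring $1: non-interactive,
# default trust model, no --yes and no --trust-model always.
encrypt_chunk() {
    rm -f "$3.gpg"
    gpg --homedir "$1" --batch --quiet --encrypt --recipient "$2" \
        --output "$3.gpg" "$3" 2>/dev/null
}

# Record ultimate ownertrust (value 6) for key $2 in keyring $1,
# the scripted equivalent of 'trust' in --edit-key.
trust_own_key() {
    printf '%s:6:\n' "$2" |
        gpg --homedir "$1" --batch --quiet --import-ownertrust 2>/dev/null
}

# Prints "<result before trust> <result after trust>".
demo() {
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/real" "$work/blank"
    printf 'constructed chunk data\n' > "$work/chunk"
    fpr=$(make_key "$work/real")
    copy_public_key "$work/real" "$work/blank" "$fpr"
    if encrypt_chunk "$work/blank" "$fpr" "$work/chunk"; then before=ok; else before=refused; fi
    trust_own_key "$work/blank" "$fpr"
    if encrypt_chunk "$work/blank" "$fpr" "$work/chunk"; then after=ok; else after=refused; fi
    gpgconf --homedir "$work/real" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    echo "$before $after"
}
```

Calling `demo` prints the two outcomes; moving the real keyring (or at least its exported ownertrust) to the backup host has the same effect as `trust_own_key`.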