First off, what is a “keyring file”? It’s basically just a collection of public keys that you trust to sign other people’s messages or encrypt data for them. You can have multiple keyrings if you want, but let’s focus on the default one called `trusted.gpg`.
To add a new trusted key to your `trusted.gpg` file, follow these steps:
1. Find the public key that you want to trust (either by downloading it from someone else or generating it yourself).
2. Save this key in a file called `new_key.asc`.
3. Use GnuPG's `--import` command to add this new key to your local keyring:

```bash
# Import the key stored in "new_key.asc" into the local keyring
gpg --import new_key.asc
```
4. Verify that the key was added successfully by running `gpg --list-keys` and checking for the new ID in the output.
5. To trust this key, use GnuPG's `--edit-key` command to open up an interactive session with your local copy of the key:

```bash
# Open an interactive edit session for the key; replace <KEYID> with the
# ID shown by "gpg --list-keys". GnuPG prompts for the passphrase if the
# key has one. Inside the session you can inspect the key and set its
# trust level (see the next step); no change is written until you "save".
gpg --edit-key <KEYID>
```
6. In the editor that pops up (which should look like a terminal window), type "trust" and press enter. This will bring up some options for how to trust this key; you can choose from different levels of trust, depending on your needs:
– 0 = no trust
– 1 = marginal trust
– 2 = full trust (default)
– 3 = ultimate trust
7. Once you've selected the level of trust that you want to assign to this key, press enter again and then type "save" followed by enter. This will save your changes and exit the editor.
8. To add this trusted key to your `trusted.gpg` file (which is located in your GnuPG home directory), use GnuPG's `--export` command:

```bash
# Export the public key in ASCII-armored form to "trusted_keys.asc".
# The key ID is taken from the script's first argument ("$1"); keep it
# double-quoted so the shell does not word-split or glob it.
#   --output  name of the file to write
#   --armor   write ASCII armor instead of binary OpenPGP
#   --export  export the public key with the given ID
gpg --output trusted_keys.asc --armor --export "$1"
```
9. This will create a new ASCII-encoded file called `trusted_keys.asc`, which contains the public key that you just added to your local copy of GnuPG's trust database.
10. To add this trusted key to your `trusted.gpg` file, simply move it into place:

```bash
# Move "trusted_keys.asc" into the "~/.gnupg/trustdb.d/" directory
mv trusted_keys.asc ~/.gnupg/trustdb.d/
```
That’s it! Your new trusted key should now be included in GnuPG’s trust database whenever you start up the program.
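Step 4 above checks the key by eye in `gpg --list-keys` output. As an added example (not part of the original guide), the following Python parses the machine-readable form of that listing, `gpg --list-keys --with-colons`, and matches the imported key by its full fingerprint rather than by short key ID, also reporting the ownertrust letter GnuPG stores for it. The listing embedded below is a constructed sample for a hypothetical key, not real output.

```python
"""Confirm an imported key is present by full fingerprint and read its ownertrust.

Parses `gpg --list-keys --with-colons` records: fields are colon separated;
a 'pub' record carries the long key ID in field 5 and the ownertrust letter
in field 9, and the 'fpr' record that follows it carries the primary key's
full fingerprint in field 10.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Ownertrust letters as written in field 9 of a 'pub' record.
OWNERTRUST = {"-": "unknown", "n": "never", "m": "marginal", "f": "full", "u": "ultimate"}

# Constructed sample listing for a hypothetical key (fingerprint values are made up).
SAMPLE_LISTING = """\
tru::1:1700000000:0:3:1:5
pub:u:4096:1:0123456789ABCDEF:1700000000:::u:::scESC::::::23::0:
fpr:::::::::FFFFFFFFFFFFFFFFFFFFFFFF0123456789ABCDEF:
uid:u::::1700000000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1700000000::::::e::::::23:
fpr:::::::::EEEEEEEEEEEEEEEEEEEEEEEEFEDCBA9876543210:
"""


@dataclass
class KeyRecord:
    keyid: str          # long key ID (field 5 of the pub record)
    fingerprint: str    # 40-hex-char primary fingerprint (field 10 of the fpr record)
    ownertrust: str     # letter from field 9 of the pub record
    uids: List[str] = field(default_factory=list)


def parse_listing(text: str) -> List[KeyRecord]:
    """Collect one KeyRecord per 'pub' record; subkey 'fpr' lines are ignored."""
    keys: List[KeyRecord] = []
    current: Optional[KeyRecord] = None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            current = KeyRecord(keyid=f[4], fingerprint="", ownertrust=f[8])
            keys.append(current)
        elif f[0] == "fpr" and current is not None and not current.fingerprint:
            current.fingerprint = f[9]   # first fpr after pub belongs to the primary key
        elif f[0] == "uid" and current is not None:
            current.uids.append(f[9])
    return keys


def check_imported(text: str, expected_fpr: str) -> Optional[KeyRecord]:
    """Return the key whose primary fingerprint equals expected_fpr (spaces ignored), else None."""
    want = expected_fpr.replace(" ", "").upper()
    return next((k for k in parse_listing(text) if k.fingerprint.upper() == want), None)
```

Compare `expected_fpr` against a fingerprint obtained out of band (for example printed on the key owner's website or read to you over the phone), since two keys can share a short key ID but not a full fingerprint.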