I managed to reproduce your problem. Here is what I did:
$ gpg --no-default-keyring --keyring ./test-keyring --secret-keyring ./test-secring --trustdb-name ./test-trustdb --no-random-seed-file --gen-key
<specified parameters and let it do its thing>
gpg: key 58018BFE marked as ultimately trusted
public and secret key created and signed.
<snip>
$
Note that the process marked the key as "ultimately trusted".
Now I export the keys:
$ gpg --no-default-keyring --keyring ./test-keyring --secret-keyring ./test-secring --trustdb-name ./test-trustdb --no-random-seed-file --export-secret-keys -a > private.key
$ gpg --no-default-keyring --keyring ./test-keyring --secret-keyring ./test-secring --trustdb-name ./test-trustdb --no-random-seed-file --export -a > public.key
Now I import them into a new gpg database:
$ gpg --no-default-keyring --keyring ./test2-keyring --secret-keyring ./test2-secring --trustdb-name ./test2-trustdb --no-random-seed-file --import public.key
$ gpg --no-default-keyring --keyring ./test2-keyring --secret-keyring ./test2-secring --trustdb-name ./test2-trustdb --no-random-seed-file --import private.key
Now, if I try to encrypt using the new keyrings, I get the following:
$ gpg --no-default-keyring --keyring ./test2-keyring --secret-keyring ./test2-secring --trustdb-name ./test2-trustdb --no-random-seed-file -r Fake -e
gpg: AE3034E1: There is no assurance this key belongs to the named user
pub 1024R/AE3034E1 2013-06-13 Fake User <fake@example.com>
Primary key fingerprint: AD4D BAFB 3960 6F9D 47C1 23BE B2E1 67A6 5801 8BFE
Subkey fingerprint: 58F2 3669 B8BD 1DFC 8B12 096F 5D19 AB91 AE30 34E1
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
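This is because of the "web of trust" model. By default, for a public key to be trusted, it requires either 1 "ultimate" trust certificate (typically where you have personally verified the identities of the people involved), or 3 "marginal" trust certificates (where somebody you know, who knows somebody you know ... has signed the certificate).
Because gpg is a security application, it warns you if you try to encrypt to a key that is not listed as trusted. The reason your own key is not trusted in this case is simple: you did not export the trust relationships from the previous gpg instance. To do that, use the --export-ownertrust and --import-ownertrust commands.
As always, refer to the man page.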
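The owner-trust migration suggested in the answer, as an added example that is not part of the original post. The function names (migrate_trust, trust_level, is_ultimate) are hypothetical, the sample export is constructed, and the check assumes the ownertrust export format "FINGERPRINT:VALUE:" in which the value 6 means ultimate trust.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names are hypothetical.

# Keyring options for the old and new instances, copied from the answer.
OLD_OPTS="--no-default-keyring --keyring ./test-keyring --secret-keyring ./test-secring --trustdb-name ./test-trustdb --no-random-seed-file"
NEW_OPTS="--no-default-keyring --keyring ./test2-keyring --secret-keyring ./test2-secring --trustdb-name ./test2-trustdb --no-random-seed-file"

# migrate_trust FILE: export owner trust from the old instance into FILE,
# then import FILE into the new instance. Needs gpg; not called below.
migrate_trust() {
    # $OLD_OPTS / $NEW_OPTS are left unquoted on purpose so they split into options.
    gpg $OLD_OPTS --export-ownertrust > "$1" &&
    gpg $NEW_OPTS --import-ownertrust < "$1"
}

# trust_level FILE FPR: print the owner-trust value stored for FPR.
# Export format is "FINGERPRINT:VALUE:" per line; '#' lines are comments.
# Returns 1 if FPR has no entry. Spaces in FPR are ignored.
trust_level() {
    awk -F: -v fpr="$2" '
        BEGIN { gsub(/ /, "", fpr); fpr = toupper(fpr) }
        /^#/ || NF < 2 { next }
        toupper($1) == fpr { print $2; found = 1; exit }
        END { if (!found) exit 1 }
    ' "$1"
}

# is_ultimate FILE FPR: succeed only when FPR is recorded with value 6 (ultimate).
is_ultimate() {
    [ "$(trust_level "$1" "$2")" = "6" ]
}

# Constructed sample of an ownertrust export, using the primary key
# fingerprint printed in the answer.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not real gpg output
AD4DBAFB39606F9D47C123BEB2E167A658018BFE:6:
EOF
if is_ultimate "$sample" "AD4D BAFB 3960 6F9D 47C1 23BE B2E1 67A6 5801 8BFE"; then
    echo "owner trust carried over: key is ultimately trusted"
else
    echo "no ultimate owner trust recorded: gpg will warn on encryption"
fi
rm -f "$sample"
```

After running migrate_trust on a real setup, pointing is_ultimate at the exported file confirms the key's trust value before retrying the encryption.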