To change the owner trust value of a given public (GPG) key, you would normally use gpg --edit-key 8A581CE7. This presents a menu from which you can perform all key-related tasks:
root@ubuntu-1404:~# gpg --edit-key 8A581CE7
gpg (GnuPG) 1.4.16; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
pub 4096R/8A581CE7 created: 2015-04-30 expires: never usage: SCEA
trust: ultimate validity: ultimate
sub 4096R/968AB157 created: 2015-04-30 expires: never usage: SEA
[ultimate] (1). Duplicity Backup <root@foo.bar>
gpg> trust
pub 4096R/8A581CE7 created: 2015-04-30 expires: never usage: SCEA
trust: ultimate validity: ultimate
sub 4096R/968AB157 created: 2015-04-30 expires: never usage: SEA
[ultimate] (1). Duplicity Backup <root@foo.bar>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
pub 4096R/8A581CE7 created: 2015-04-30 expires: never usage: SCEA
trust: ultimate validity: ultimate
sub 4096R/968AB157 created: 2015-04-30 expires: never usage: SEA
[ultimate] (1). Duplicity Backup <root@foo.bar>
But that requires interaction. What if we need to do it from a shell script, for instance?
Method 1, shell magic
The output of gpg --export-ownertrust looks like this:
# List of assigned trustvalues, created Thu 30 Apr 2015 08:56:18 PM UTC
# (Use "gpg --import-ownertrust" to restore them)
A38FBA1F60F422597F6441D5E1C4C3898A581CE7:6:
So let’s see how we can recreate that without using gpg --export-ownertrust:
Get the fingerprint of key 8A581CE7:
gpg --list-keys --fingerprint | grep 8A581CE7 -A 1 | tail -1
Remove all the spaces and get the right part:
tr -d '[:space:]' | awk 'BEGIN { FS = "=" } ; { print $2 }'
Final version, fed to gpg --import-ownertrust:
echo "$( \
gpg --list-keys --fingerprint \
| grep 8A581CE7 -A 1 | tail -1 \
| tr -d '[:space:]' | awk 'BEGIN { FS = "=" } ; { print $2 }' \
):6:" | gpg --import-ownertrust;
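An added example, not part of the original post: the grep/tail pipeline above depends on the layout of the human-readable listing and on the 8-character short key ID, which is not unique. This variant reads the machine-readable `--with-colons` listing, matches only primary-key fingerprints, and refuses to emit a trust line unless exactly one key matches. The function names `ownertrust_line` and `sample_listing`, the second key and the subkey fingerprint are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed `gpg --with-colons --fingerprint --list-keys` style listing.
# Key 1 uses the fingerprint shown on this page; key 2 and the subkey
# fingerprint are made up, with key 2 sharing the short ID 8A581CE7.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:E1C4C3898A581CE7:1430427378:::u:::scESCA:
fpr:::::::::A38FBA1F60F422597F6441D5E1C4C3898A581CE7:
uid:u::::1430427378::::Duplicity Backup <root@foo.bar>:
sub:u:4096:1:76543210968AB157:1430427378::::::esa:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210968AB157:
pub:-:2048:1:89ABCDEF8A581CE7:1430427378:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF8A581CE7:
uid:-::::1430427378::::Constructed Lookalike <nobody@example.invalid>:
EOF
}

# Reads a colon-format listing on stdin and prints "FINGERPRINT:6:" (ultimate,
# the value shown in the export above) for the one primary key whose
# fingerprint ends in the hex key ID given as $1. Fails on 0 or >1 matches.
ownertrust_line() {
    _id=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    case "$_id" in
        ''|*[!0-9A-F]*) echo "key ID must be hex" >&2; return 2 ;;
    esac
    awk -F: -v id="$_id" '
        $1 == "pub" { primary = 1; next }   # next fpr record is the primary key
        $1 == "sub" { primary = 0; next }   # ignore subkey fingerprints
        $1 == "fpr" && primary {
            primary = 0
            fpr = toupper($10)
            if (length(fpr) == 40 && fpr ~ /^[0-9A-F]+$/ &&
                substr(fpr, 41 - length(id)) == id) { n++; hit = fpr }
        }
        END {
            if (n != 1) {
                printf "need exactly 1 matching key, found %d\n", n > "/dev/stderr"
                exit 1
            }
            print hit ":6:"
        }'
}

# Demo on the constructed listing; with a real keyring the pipeline would be
#   gpg --with-colons --fingerprint --list-keys | ownertrust_line ID | gpg --import-ownertrust
sample_listing | ownertrust_line E1C4C3898A581CE7
```

When the lookup fails, nothing is written to standard output, so a downstream gpg --import-ownertrust receives no trust line.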
Method 2, expect
Expect is a program that “talks” to other interactive programs according to a script. Following the script, Expect knows what can be expected from a program and what the correct response should be.
Install expect:
apt-get install expect
Create an expect script:
root@ubuntu-1404:~# cat set-trust.exp
#!/usr/bin/expect
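# Give up waiting for a prompt after 10 seconds
set timeout 10
# The first script argument is the key ID to edit
spawn /usr/bin/gpg --edit-key [lindex $argv 0] --yes trust quit
# Choose "5 = I trust ultimately" at the trust menu
expect "Your decision? " { send "5\r" }
# Confirm the ultimate-trust prompt
expect "Do you really want to set this key to ultimate trust? (y/N) " { send "y\r" }
interact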
Run the expect script (with argument):
chmod 0755 ./set-trust.exp
./set-trust.exp 8A581CE7