I'm a little confused as what this means.
What's happened is that someone has encrypted a message for me using my public key, and signed it with their private key – as per usual.
Next, I decrypt the message…
-bash-3.2$ gpg --decrypt /tmp/det_prod_cred.txt.asc gpg: encrypted with 2048-bit ELG-E key, ID 2E52ED13, created 2001-10-15 "XXXXXXX1" gpg: encrypted with 4096-bit RSA key, ID 0BB096A1, created 2009-08-12 "XXXXXXX2" username = XXXXXXXXXX3 password = XXXXXXXXXX4 gpg: Signature made Wed 12 Aug 2009 15:47:17 EST using DSA key ID C2E36CC8 gpg: Good signature from "17155x01" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 826A E10D 8AAB 49A0 E9B6 0478 3A70 240F C2E3 6CC8 gpg: WARNING: message was not integrity protected
…I know the message is verbose and I probably should understand what it is getting at – but I'm not confident that I do – so any further explanation on this would be appreciated.
Is it basically saying that the person who has signed this message, does not pass the rules defined in my trustdb?
$ gpg --update-trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
$ gpg --edit-key 0xC2E36CC8 gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. pub 1024D/C2E36CC8 created: 2001-10-15 expires: never usage: SCA trust: marginal validity: unknown sub 2048g/2E52ED13 created: 2001-10-15 expires: never usage: E [ unknown] (1). 17155x01
Notice I've only marginally trusted the key, if I fully trust it (which I can't), will the problem disappear?