Re: Kmail and gpg
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> so you have to do
> gpg --edit-key <email-address>
> Command> sign
> Command> trust
> Command> save
No! You should only ever sign a key if you can be sure the key belongs to the
person who claims to own it. This generally means you have received the key
(or its fingerprint) through a non-electronic medium - such as in person on a
slip of paper - and you have verified the identity of its owner, such as by
checking a drivers' license or passport.
The whole point of key signing is to get around the problem of verifying whose
keys are whose, which is the weakest point of this particular cryptographic
system.
Please read the GnuPG docs (package gnupg-doc) for details. In particular,
you should read through section 3.6 of the mini-HOWTO (the section on key
signing).
Ben.
- --
Ben Burton
benb@acm.org | bab@debian.org
Public Key: finger bab@db.debian.org
Paradoxically though it may seem, it is none the less true that life
imitates art far more than art imitates life.
- Oscar Wilde
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQE9nENUMQNuxza4YcERAmUrAJ4zIeBgoKffB8vVfer9Hl90kRtDWgCaA4lr
IBwXaWHuopJekoDnbfHulEk=
=X+3p
-----END PGP SIGNATURE-----
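
The fingerprint check the reply insists on before signing can be scripted. This is an added example, not part of the original message; the function names and the sample listing are constructed, and it assumes a v4 key with a 40-hex-digit fingerprint.

```shell
#!/bin/sh
# Added example: compare the fingerprint in your keyring with the one you
# received out-of-band (e.g. on paper) BEFORE running `gpg --sign-key`.

# Constructed sample of `gpg --with-colons --fingerprint <user>` output.
SAMPLE_LISTING='pub:-:1024:17:0123456789ABCDEF:2002-01-01:::-:Example User <user@example.org>::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
sub:-:1024:16:1111222233334444:2002-01-01::::::e:'

# Strip whitespace and colons, upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n:' | tr 'abcdef' 'ABCDEF'
}

# Read a colon-format listing on stdin and print the primary key's
# fingerprint: field 10 of the first "fpr" record.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# fpr_matches LISTING EXPECTED
# Returns 0 on an exact match, 1 on a mismatch, 2 if EXPECTED is not a
# full 40-hex-digit fingerprint (short key IDs are not enough to sign on).
fpr_matches() {
    listing=$1
    expected=$(normalize_fpr "$2")
    case $expected in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(normalize_fpr "$(printf '%s\n' "$listing" | primary_fpr)")
    [ "$actual" = "$expected" ]
}

# Typical use (user@example.org and $PAPER_FPR are placeholders):
#   listing=$(gpg --with-colons --fingerprint user@example.org)
#   fpr_matches "$listing" "$PAPER_FPR" && gpg --sign-key user@example.org
```

A matching fingerprint only ties the key to the slip of paper; checking the owner's identity, as the reply describes, is still a separate step.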