I've finally (!) got myself to the point of getting GnuPG working, having spent about a decade watching PGP's progress from the sidelines. Now, I have keys, I've added a keyserver line to ~/.gnupg/options, I can sign messages and (apparently) encrypt them. "GPA" is a nice little GUI for managing keys, and it shows everything appears to be well (as does gpg --list-keys). My trouble right now is verifying keys. If I send myself mail, it's correctly compared to my local copy (in my keyring?) and gpg says it's good. Other mail coming in triggers a lookup at pgp.mit.edu for keys, leading to strange results: ----------------------------------------------- gpg: Signature made Sun Dec 21 17:37:47 2003 MST using DSA key ID AC94E4B7 gpg: BAD signature from "s. keeling (21Dec2003) <keeling@spots.ab.ca>" gpg: Signature made Sun Dec 21 17:14:28 2003 MST using DSA key ID 946886AE gpg: Good signature from "Trey Sizemore <trey@fastmail.fm>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. gpg: Fingerprint: 683F FFE2 AA2D D341 6002 A973 8443 F068 9468 86AE gpg: Signature made Sun Dec 21 17:50:12 2003 MST using DSA key ID 946886AE gpg: BAD signature from "Trey Sizemore <trey@fastmail.fm>" gpg: Signature made Sun Dec 21 18:55:57 2003 MST using DSA key ID AC94E4B7 gpg: Good signature from "s. keeling (21Dec2003) <keeling@spots.ab.ca>" gpg: Signature made Sun Dec 21 20:32:36 2003 MST using DSA key ID 16D0B8EF gpg: BAD signature from "Joey Hess (email key) <joey@mooix.net>" ----------------------------------------------- The commands driving gpg in mutt were clipped right out of /etc/Muttrc (Woody 3.0r2): ----------------------------------------------- set pgp_autosign=no set pgp_sign_as=AC94E4B7 set pgp_replyencrypt=yes set pgp_timeout=1800 set pgp_decode_command="/usr/bin/gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose --quiet --batch --output - %f" set pgp_verify_command="/usr/bin/gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f" set pgp_decrypt_command="/usr/bin/gpg --status-fd=2 --passphrase-fd 0 --no-verbose --quiet --batch --output - %f" set pgp_sign_command="/usr/bin/gpg --no-verbose --batch --quiet --output - --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f" set pgp_clearsign_command="/usr/bin/gpg --no-verbose --batch --quiet --output - --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f" set pgp_encrypt_only_command="/usr/lib/mutt/pgpewrap /usr/bin/gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f" set pgp_encrypt_sign_command="/usr/lib/mutt/pgpewrap /usr/bin/gpg --passphrase-fd 0 --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f" set pgp_import_command="/usr/bin/gpg --no-verbose --import -v %f" set pgp_export_command="/usr/bin/gpg --no-verbose --export --armor %r" set pgp_verify_key_command="/usr/bin/gpg --verbose --batch --fingerprint --check-sigs %r" set pgp_list_pubring_command="/usr/bin/gpg --no-verbose --batch --quiet --with-colons --list-keys %r" set pgp_list_secring_command="/usr/bin/gpg --no-verbose --batch --quiet --with-colons --list-secret-keys %r" set pgp_good_sign="^\\[GNUPG:\\] VALIDSIG" ----------------------------------------------- Ideas anyone? I feel like I'm within spitting distance of the goal line, and I'm not getting any closer no matter what I do. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://www.spots.ab.ca/~keeling - -
Attachment:
pgpMMxPuTb8np.pgp
Description: PGP signature