
Re: Inline PGP signatures [was: Re: email signatures]



On Fri, 2004-03-26 at 03:59, Joerg Johannes wrote:
> On Fri, 26.03.2004 at 04:52, Paul Johnson wrote:
> > Joerg Johannes <liste_joerg@gmx.de> writes:
> > 
> > > On Thu, 25.03.2004 at 03:03, Paul Johnson wrote:
> > >> For any signature, it's generally considered polite to put in a "-- "
> > >> (that is, dash dash space newline) on a line by itself.  See my signature
> > >> for an example.
> > >> 
> > >> See also: http://www.newbie.org/
> > >> 
> > >> - -- 
> > > Errh, your sig starts with "- -- \n". Bad example. Go fix it.
> > >
> > > joerg
> > 
> > Not when using inline PGP signatures, then it's considered valid.
> 
> OK, sorry for that. But now to something else: I use evolution as mua,
> and I don't quite understand what to do with inline PGP signatures. When
> the signature is attached, I see a lock symbol at the bottom of the
> mail, and when clicking on that lock the signature is checked (if the
> key is available). This does not work with inline signed messages: I see
> only the
> -----BEGIN PGP SIGNATURE-----
> ...
> -----END PGP SIGNATURE-----
> signature, but I don't know how to check the validity of such a
> signature.
> Is this brokenness of evolution? Or am I missing something fundamental?
> 
> joerg

What you're seeing is the ASCII armored ('armoured' in the rest of the
English speaking world outside of the US :) PGP signature. I don't know
if there's a way to 'teach' evolution about them, but if there is I've
never found it. If you want to check the validity of a signature that
has been encoded inline like that, you should save the message to disk
and then manually run 'gpg --verify testmessage.txt'.

It's not a solution you're going to want to use on a daily basis, but if
you want to encrypt your mail to someone who prefers it (such as myself,
see sig) you should obviously make sure that you can get a valid
signature from them first before emailing them off-list with an encrypted
email. Once you've verified that the signature is valid (or at least as
valid as it's going to get without having to go to a key signing party),
then you can RELATIVELY safely assume that the key is REASONABLY valid. 

(Of course, when dealing with public key systems, unless you personally
got that key from a TRUSTED individual on some form of non-modifiable
media and have had them verify it, you can't be all THAT sure, but for
day to day communications you can be sure enough.)

-- 
Alex Malinovich
Support Free Software, delete your Windows partition TODAY!
Encrypted mail preferred. You can get my public key from any of the
pgp.net keyservers. Key ID: A6D24837

Attachment: signature.asc
Description: This is a digitally signed message part
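
Added example, not part of the original thread: a small parser for the inline (cleartext-signed) layout discussed above, showing why a signed "-- " delimiter appears as "- -- " and how the original text is recovered. The names `split_clearsigned` and `SAMPLE` and the sample message are constructed for illustration; the code does no cryptographic check, which remains the job of `gpg --verify` on the saved message.

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

# Constructed sample, not a real message: the signature body is a placeholder.
SAMPLE = "\n".join([
    "Mail text outside the signed part",
    BEGIN_MSG,
    "Hash: SHA1",
    "",
    "See my signature for an example.",
    "",
    "- -- ",            # the "-- " delimiter, dash-escaped by the signer
    "Constructed Sender",
    BEGIN_SIG,
    "",
    "(placeholder, not a real signature)",
    END_SIG,
])


def split_clearsigned(text):
    """Return (hash_headers, body_lines, signature_armor) for the first
    cleartext-signed block in text; raise ValueError on broken framing."""
    lines = text.splitlines()
    try:
        start = lines.index(BEGIN_MSG)
        blank = lines.index("", start)       # armor headers end at the empty line
        sig = lines.index(BEGIN_SIG, blank)
        end = lines.index(END_SIG, sig)
    except ValueError:
        raise ValueError("not a complete cleartext-signed message") from None
    body = []
    for line in lines[blank + 1:sig]:
        if line.startswith("- "):
            line = line[2:]                  # undo dash-escaping
        elif line.startswith("-"):
            # Signers escape every line that begins with "-", so a bare one
            # here is not framing that a signing tool would have produced.
            raise ValueError("unescaped '-' line in signed text: %r" % line)
        body.append(line)
    return lines[start + 1:blank], body, "\n".join(lines[sig:end + 1])


if __name__ == "__main__":
    headers, body, armor = split_clearsigned(SAMPLE)
    print(headers)
    print("\n".join(body))
```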

