Re: Mutt and GPG - claims ALL signatures can't be verified
On Fri, 11 Jun 2010 21:37:57 +0300, Alexander Batischev wrote:
> On Fri, Jun 11, 2010 at 06:21:14PM +0000, Camale??n wrote:
>> In order to verify a signed message, either you have to previosuly
>> import the key into your keyring or you need to setup Mutt to retrieve
>> the key from public servers.
>
> I have all the keys retrieved (previously, I run gpg --recv-keys keyID
> every time I face with new key; now I just set "keyserver-options
> auto-key-retrieve" in ~/.gnupg/gpg.conf, so all new keys are retrieved
> automatically). And it still doesn't explain why my own signature can't
> be verified, too.
Then maybe is that you have to "explicitely" import the key and trust
that key. Did you already do that? :-?
> When I open my own message, I have this on the top, right between
> headers and body:
>
> [-- PGP output follows (current time: Fri Jun 11 21:26:24 2010) --] gpg:
> Signature made Fri Jun 11 20:48:09 2010 EEST using DSA key ID 69093C81
> gpg: Good signature from "Alexander Batischev <eual.jp@gmail.com>" gpg:
> WARNING: This key is not certified with a trusted signature! gpg:
> There is no indication that the signature belongs to the owner.
> Primary key fingerprint: F870 A381 B5F5 D2A1 1B35 4D63 A1A7 1C77 6909
> 3C81 [-- End of PGP output --]
>
> I'm little worried about "not certified with a trusted signature" - it's
> my own signature, it should be trusted, innit?
Yes, I also see that warning in Mutt for signed e-mails coming for users
that I have not added nor marked as "trusted" into my keyring.
Also, test it with another e-mail client (thunderbird, kmail,
evolution...) so you can compare the results.
Greetings,
--
Camaleón
Reply to: