Re: OT: More about GPG signing
On Thu, May 10, 2012 at 05:49:12PM +0200, Ralf Mardorf wrote:
> On Thu, 2012-05-10 at 16:45 +0100, Phil Dobbin wrote:
> > On 10/05/12 16:14, Tony van der Hoff wrote:
> >
> > > So, this message was signed.
> > >
> > > Having recently installed enigmail, to see what all the fuss is about
> > > in the other thread. I find I'm at a loss to understand how to
> > > interpret this.
> > > -------------------------------------------------
> > > OpenPGP Security Info
> > >
> > > Unverified signature
> > >
> > > gpg command line and output:
> > > /usr/bin/gpg
> > > gpg: Signature made Thu 10 May 2012 15:27:47 BST using RSA key ID A093C263
> > > gpg: Can't check signature: public key not found
> > > -------------------------------------------------
> > >
> > > Am I expected to go to some keyserver to find the sender's public key?
> > > How, where, why?
> > >
> > > Maybe I've not set up Enigmail correctly?
> > >
> > > Alternatively, should I just ignore the signature, in which case why
> > > is the sender polluting the list with useless crap?
> >
> > You have an option to import my key under your PGP menu should you wish
> > to do so . If you have installed Enigmail then go ahead & do it.
> With Evolution I can't. I need your keyserver and your keynumber.
The key number is in the message (A093C263 above). The key servers
are all public and mirrored with each other, so just pick one or
more to use. If the person signing the message hasn't uploaded their
key to a public keyserver, then they are perhaps not understanding
what the public key is for ;)
Roger
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' schroot and sbuild http://alioth.debian.org/projects/buildd-tools
`- GPG Public Key F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800
Reply to: