Re: OT: More about GPG signing
On Thu, 2012-05-10 at 16:55 +0100, Roger Leigh wrote:
> On Thu, May 10, 2012 at 05:49:12PM +0200, Ralf Mardorf wrote:
> > On Thu, 2012-05-10 at 16:45 +0100, Phil Dobbin wrote:
> > > On 10/05/12 16:14, Tony van der Hoff wrote:
> > >
> > > > So, this message was signed.
> > > >
> > > > Having recently installed enigmail, to see what all the fuss is about
> > > > in the other thread. I find I'm at a loss to understand how to
> > > > interpret this.
> > > > -------------------------------------------------
> > > > OpenPGP Security Info
> > > >
> > > > Unverified signature
> > > >
> > > > gpg command line and output:
> > > > /usr/bin/gpg
> > > > gpg: Signature made Thu 10 May 2012 15:27:47 BST using RSA key ID A093C263
> > > > gpg: Can't check signature: public key not found
> > > > -------------------------------------------------
> > > >
> > > > Am I expected to go to some keyserver to find the sender's public key?
> > > > How, where, why?
> > > >
> > > > Maybe I've not set up Enigmail correctly?
> > > >
> > > > Alternatively, should I just ignore the signature, in which case why
> > > > is the sender polluting the list with useless crap?
> > >
> > > You have an option to import my key under your PGP menu should you wish
> > > to do so . If you have installed Enigmail then go ahead & do it.
>
> > With Evolution I can't. I need your keyserver and your keynumber.
>
> The key number is in the message (A093C263 above). The key servers
> are all public and mirrored with each other, so just pick one or
> more to use. If the person signing the message hasn't uploaded their
> key to a public keyserver, then they are perhaps not understanding
> what the public key is for ;)
This resulted in "Valid signature, but cannot verify sender (Phil Dobbin
<bukowskiscat@gmail.com>)":
gpg: armor header: Hash: SHA1
gpg: armor header: Version: GnuPG v1.4.11 (GNU/Linux)
gpg: armor header: Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org/
gpg: original file name=''
gpg: Signature made Thu 10 May 2012 05:45:50 PM CEST using RSA key ID
A093C263
gpg: using PGP trust model
gpg: Good signature from "Phil Dobbin <bukowskiscat@gmail.com>"
gpg: aka "[jpeg image of size 518977]"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: AADB 6887 80BF 485B EF0D 4DBC 23E6 616E A093
C263
gpg: textmode signature, digest algorithm SHA1
Reply to: