<<< Date Index >>>     <<< Thread Index >>>

Re: about pgp-signed messages



On Tue, Nov 04, 2003 at 09:21:35PM +0100, Aron Stansvik wrote:

> > > On the other hand, I finds signed messages annoying.  I don't have
> > > any of senders' public keys -- this is an international forum, after
> > > all -- so pgp verification always fails.
> > 
> > Well, you can set GPG to automatically fetch keys, or you can manually 
> > fetch keys you care about (which is what I do, with a handy little script).
> 
> How does this actually work? I have my pgp_getkeys_command set to:
> 
> gpg --keyserver hkp://wwwkeys.pgp.net --recv-keys %r

That looks about right.  You may wanna just DL the getkeys script
(that I got a while ago from somebody else on this list) from me [1].
It allows you to search multiple keyservers.

> Should this work, provided that the sender of the signed email I'm
> reading has its public key exported to this server (or any other? how
> does HKP work?).

I dunno ... I never really got interested in the mechanics of how/why.

> Verification of your signature fails on my setup,

as indeed it should, since I've never posted my key to a keyserver,
and nobody else has posted my key to a major keyserver

> how can I tell Mutt to
> download your public key from the URL specified by the X-GPG-Key-Direct-Link
> header and import it into my keyring? I've looked through the online
> manual, but can't see anything about these headers, maybe I'm missing
> something.

I just DL the key, save it to a file, and then --import it.

> PS. Could you successfully verify the signature of this email? I have
> exported my public key to hkp://wwwkeys.pgp.net. DS.

Yup

 - Dave

-- 
Uncle Cosmo, why do they call this a word processor?
It's simple, Skyler.  You've seen what food processors do to food, right?

Please visit this link:
http://rotter.net/israel

Attachment: pgpQkWlnylBGA.pgp
Description: PGP signature