<<< Date Index >>>     <<< Thread Index >>>

Re: about pgp-signed messages



On Tue, Nov 04, 2003 at 04:39:50PM -0500, David Yitzchak Cohen wrote:
> On Tue, Nov 04, 2003 at 09:21:35PM +0100, Aron Stansvik wrote:
> 
> > > > On the other hand, I finds signed messages annoying.  I don't have
> > > > any of senders' public keys -- this is an international forum, after
> > > > all -- so pgp verification always fails.
> > > 
> > > Well, you can set GPG to automatically fetch keys, or you can manually 
> > > fetch keys you care about (which is what I do, with a handy little 
> > > script).
> > 
> > How does this actually work? I have my pgp_getkeys_command set to:
> > 
> > gpg --keyserver hkp://wwwkeys.pgp.net --recv-keys %r
> 
> That looks about right.  You may wanna just DL the getkeys script
> (that I got a while ago from somebody else on this list) from me [1].
> It allows you to search multiple keyservers.

Ok, great, where can I find this script? [1] <-- Was that supposed to
reference a side note, I can't find any :(

> > Should this work, provided that the sender of the signed email I'm
> > reading has its public key exported to this server (or any other? how
> > does HKP work?).
> 
> I dunno ... I never really got interested in the mechanics of how/why.

Ok.

> > Verification of your signature fails on my setup,
> 
> as indeed it should, since I've never posted my key to a keyserver,
> and nobody else has posted my key to a major keyserver

Ok, now I downloaded and imported your key into my keyring, and the the
signature was Good, but gpg warns me this key is not certified with a
trusted signature. Sorry if my questions are stupid, but I'm new to PGP;
how can I certify your key with a trusted signature, or is this
something that you should do? Should this not be done unless we meet
personally or verify something over a secure phone line?

> > how can I tell Mutt to
> > download your public key from the URL specified by the X-GPG-Key-Direct-Link
> > header and import it into my keyring? I've looked through the online
> > manual, but can't see anything about these headers, maybe I'm missing
> > something.
> 
> I just DL the key, save it to a file, and then --import it.

Roger roger.

> > PS. Could you successfully verify the signature of this email? I have
> > exported my public key to hkp://wwwkeys.pgp.net. DS.
> 
> Yup

Great. And thanks a lot for helping out.

Best regards,
Aron Stansvik

--
unemployed

Attachment: pgp95uqpMvmiP.pgp
Description: PGP signature