On Tue, Nov 04, 2003 at 04:39:50PM -0500, David Yitzchak Cohen wrote: > On Tue, Nov 04, 2003 at 09:21:35PM +0100, Aron Stansvik wrote: > > > > > On the other hand, I finds signed messages annoying. I don't have > > > > any of senders' public keys -- this is an international forum, after > > > > all -- so pgp verification always fails. > > > > > > Well, you can set GPG to automatically fetch keys, or you can manually > > > fetch keys you care about (which is what I do, with a handy little > > > script). > > > > How does this actually work? I have my pgp_getkeys_command set to: > > > > gpg --keyserver hkp://wwwkeys.pgp.net --recv-keys %r > > That looks about right. You may wanna just DL the getkeys script > (that I got a while ago from somebody else on this list) from me [1]. > It allows you to search multiple keyservers. Ok, great, where can I find this script? [1] <-- Was that supposed to reference a side note, I can't find any :( > > Should this work, provided that the sender of the signed email I'm > > reading has its public key exported to this server (or any other? how > > does HKP work?). > > I dunno ... I never really got interested in the mechanics of how/why. Ok. > > Verification of your signature fails on my setup, > > as indeed it should, since I've never posted my key to a keyserver, > and nobody else has posted my key to a major keyserver Ok, now I downloaded and imported your key into my keyring, and the the signature was Good, but gpg warns me this key is not certified with a trusted signature. Sorry if my questions are stupid, but I'm new to PGP; how can I certify your key with a trusted signature, or is this something that you should do? Should this not be done unless we meet personally or verify something over a secure phone line? > > how can I tell Mutt to > > download your public key from the URL specified by the X-GPG-Key-Direct-Link > > header and import it into my keyring? I've looked through the online > > manual, but can't see anything about these headers, maybe I'm missing > > something. > > I just DL the key, save it to a file, and then --import it. Roger roger. > > PS. Could you successfully verify the signature of this email? I have > > exported my public key to hkp://wwwkeys.pgp.net. DS. > > Yup Great. And thanks a lot for helping out. Best regards, Aron Stansvik -- unemployed
Attachment:
pgp95uqpMvmiP.pgp
Description: PGP signature