Re: about pgp-signed messages

To: mutt-users@xxxxxxxx
Subject: Re: about pgp-signed messages
From: Aron Stansvik <elvstone@xxxxxxx>
Date: Tue, 4 Nov 2003 23:06:41 +0100
In-reply-to: <20031104213950.GG20278@xxxxxxx>
List-unsubscribe: <mailto:mutt-users-request@mutt.org?body=unsubscribe>
Mail-followup-to: mutt-users@xxxxxxxx
References: <20031104174344.GA26248@xxxxxxxxxxxxxxxxxx> <20031104183320.GD20278@xxxxxxx> <20031104202135.GA4769@xxxxxxx> <20031104213950.GG20278@xxxxxxx>
Sender: owner-mutt-users@xxxxxxxx
User-agent: Mutt/1.5.4i

On Tue, Nov 04, 2003 at 04:39:50PM -0500, David Yitzchak Cohen wrote:
> On Tue, Nov 04, 2003 at 09:21:35PM +0100, Aron Stansvik wrote:
> 
> > > > On the other hand, I finds signed messages annoying.  I don't have
> > > > any of senders' public keys -- this is an international forum, after
> > > > all -- so pgp verification always fails.
> > > 
> > > Well, you can set GPG to automatically fetch keys, or you can manually 
> > > fetch keys you care about (which is what I do, with a handy little 
> > > script).
> > 
> > How does this actually work? I have my pgp_getkeys_command set to:
> > 
> > gpg --keyserver hkp://wwwkeys.pgp.net --recv-keys %r
> 
> That looks about right.  You may wanna just DL the getkeys script
> (that I got a while ago from somebody else on this list) from me [1].
> It allows you to search multiple keyservers.

Ok, great, where can I find this script? [1] <-- Was that supposed to
reference a side note, I can't find any :(

> > Should this work, provided that the sender of the signed email I'm
> > reading has its public key exported to this server (or any other? how
> > does HKP work?).
> 
> I dunno ... I never really got interested in the mechanics of how/why.

Ok.

> > Verification of your signature fails on my setup,
> 
> as indeed it should, since I've never posted my key to a keyserver,
> and nobody else has posted my key to a major keyserver

Ok, now I downloaded and imported your key into my keyring, and the the
signature was Good, but gpg warns me this key is not certified with a
trusted signature. Sorry if my questions are stupid, but I'm new to PGP;
how can I certify your key with a trusted signature, or is this
something that you should do? Should this not be done unless we meet
personally or verify something over a secure phone line?

> > how can I tell Mutt to
> > download your public key from the URL specified by the X-GPG-Key-Direct-Link
> > header and import it into my keyring? I've looked through the online
> > manual, but can't see anything about these headers, maybe I'm missing
> > something.
> 
> I just DL the key, save it to a file, and then --import it.

Roger roger.

> > PS. Could you successfully verify the signature of this email? I have
> > exported my public key to hkp://wwwkeys.pgp.net. DS.
> 
> Yup

Great. And thanks a lot for helping out.

Best regards,
Aron Stansvik

--
unemployed

Attachment: pgp95uqpMvmiP.pgp
Description: PGP signature

Follow-Ups:
- Re: about pgp-signed messages
  - From: David Yitzchak Cohen

References:
- about pgp-signed messages
  - From: Rouben Rostamian
- Re: about pgp-signed messages
  - From: David Yitzchak Cohen
- Re: about pgp-signed messages
  - From: Aron Stansvik
- Re: about pgp-signed messages
  - From: David Yitzchak Cohen

Prev by Date: Re: Editing attachment content type
Next by Date: Re: about pgp-signed messages
Previous by thread: Re: about pgp-signed messages
Next by thread: Re: about pgp-signed messages
Index(es):
- Date
- Thread