Re: Do you auto fetch GPG keys?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Friday, June 16 at 03:25 PM, quoth Ye Fei:
> As my understanding, "set crypt_verify_sig=no" means does not verify
> the crypt signature.
You are correct, that's exactly what it means.
> But sorry for my stupid question, why does people send message to a
> mailing list with a crypt signature which can not be verified by
> others?
Most likely, they send it because they either have accidentally
misconfigured their mailer, or because they do not know how to produce
a correct signature.
> What do I need to verify the signature correctly?
For the sake of double-checking, make sure your pgp_* settings are
correct. For example (each setting all on one line, of course):
set pgp_verify_command="gpg --status-fd=2 --no-verbose --quiet --batch
- --output - -verify %s %f"
set pgp_decrypt_command="gpg --status-fd=2 %?p?--passphrase-fd 0?
- --no-verbose --quiet --batch --output - %f"
set pgp_decode_command="gpg --status-fd=2 %?p?--passphrase-fd 0?
- --no-verbose --quiet --batch --output - %f"
There are more, of course, for correctly signing messages, but the
above should be enough to let you correctly verify messages, as long
as gpg is in your $PATH (otherwise, put the full path to gpg in each
line).
~Kyle
- --
It only takes 20 years for a liberal to become a conservative without
changing a single idea.
-- Robert Anton Wilson
-----BEGIN PGP SIGNATURE-----
Comment: Thank you for using encryption!
iD8DBQFEksAVBkIOoMqOI14RAjTqAKCPMY5zJAiN2OMMNK0b3JLqazbXaQCg4agO
wVtda7ODKEVkTbgxa6VnPBA=
=l7Em
-----END PGP SIGNATURE-----