Re: Do you auto fetch GPG keys?

To: Mutt Users List <mutt-users@xxxxxxxx>
Subject: Re: Do you auto fetch GPG keys?
From: Ye Fei <sjtu_yf117@xxxxxxxxxxx>
Date: Fri, 16 Jun 2006 17:29:20 +0200
In-reply-to: <20060616142837.GH23109@xxxxxxxxxxxxxxxxxxxxxx>
List-unsubscribe: <mailto:mutt-users-request@mutt.org?body=unsubscribe>
Mail-followup-to: Mutt Users List <mutt-users@xxxxxxxx>
References: <20060615192948.GA5292@xxxxxxxxxxxxxxxxx> <20060615194917.GC22627@xxxxxxxx> <20060616102705.GA10397@xxxxxxxxxxxxxxxxxxxxx> <20060616130103.GA1064@xxxxxxxxxxxxxxxxxxxxx> <20060616132548.GA13185@xxxxxxxxxxxxxxxxxxxxx> <20060616142837.GH23109@xxxxxxxxxxxxxxxxxxxxxx>
Reply-to: Ye Fei <sjtu_yf117@xxxxxxxxxxx>
Sender: owner-mutt-users@xxxxxxxx
User-agent: Mutt/1.5.11+cvs20060403

Thank you for kindly reply.
I set crypt_verify_sig=yes, and follow your advice. However I
still can not verify the encrypted signature. 
It said can not find public key.

I never used pgp before, or maybe I have used unconciously. I read
some gnupg's doc online and then am totally confused.

I think perhaps I did not configure my gnupg correctly. In my
.gnupg/gpg.conf, there is a line "skeyserver hkp://subkeys.pgp.net"
Is this a correct server for downloading the "public key" needed
to verify your encrypted sig.

How can I know your keys? no matter the public or the private. 
Shall I set "pgp_getkeys_command"? I do not how to set it.
I am sorry if this is not a mutt-relevant subject.

YeFei
On 2006-06-16, Kyle Wheeler (kyle-mutt@xxxxxxxxxxxxxx) wrote:
> On Friday, June 16 at 03:25 PM, quoth Ye Fei:
> > As my understanding, "set crypt_verify_sig=no" means does not verify 
> > the crypt signature.
> 
> You are correct, that's exactly what it means.
> 
> > But sorry for my stupid question, why does people send message to a 
> > mailing list with a crypt signature which can not be verified by 
> > others?
> 
> Most likely, they send it because they either have accidentally 
> misconfigured their mailer, or because they do not know how to produce 
> a correct signature.
> 
> > What do I need to verify the signature correctly?
> 
> For the sake of double-checking, make sure your pgp_* settings are 
> correct. For example (each setting all on one line, of course):
> 
> set pgp_verify_command="gpg --status-fd=2 --no-verbose --quiet --batch 
> --output - -verify %s %f"
> 
> set pgp_decrypt_command="gpg --status-fd=2 %?p?--passphrase-fd 0? 
> --no-verbose --quiet --batch --output - %f"
> 
> set pgp_decode_command="gpg --status-fd=2 %?p?--passphrase-fd 0? 
> --no-verbose --quiet --batch --output - %f"
> 
> There are more, of course, for correctly signing messages, but the 
> above should be enough to let you correctly verify messages, as long 
> as gpg is in your $PATH (otherwise, put the full path to gpg in each 
> line).
> 
> ~Kyle
> -- 
> It only takes 20 years for a liberal to become a conservative without 
> changing a single idea.
>                                                 -- Robert Anton Wilson

Follow-Ups:
- Re: Do you auto fetch GPG keys?
  - From: Kyle Wheeler

References:
- Do you auto fetch GPG keys?
  - From: Chris Willard
- Re: Do you auto fetch GPG keys?
  - From: René Clerc
- Re: Do you auto fetch GPG keys?
  - From: Ye Fei
- Re: Do you auto fetch GPG keys?
  - From: Christian Ebert
- Re: Do you auto fetch GPG keys?
  - From: Ye Fei
- Re: Do you auto fetch GPG keys?
  - From: Kyle Wheeler

Prev by Date: Re: Do you auto fetch GPG keys?
Next by Date: Re: Do you auto fetch GPG keys?
Previous by thread: Re: Do you auto fetch GPG keys?
Next by thread: Re: Do you auto fetch GPG keys?
Index(es):
- Date
- Thread