Stefano Sabatini wrote:
> Hi mutters,
>
> I'm getting this strange behaviour when I try to verify the integrity
> of a message with mime type multipart/signed and signed with PGP.
>
> In most cases it works just fine, but in some cases I get something
> as:
>
> [-- PGP output follows (current time: Tue 01 May 2007 03:50:24 PM CEST) --]
> gpg: Signature made Tue 01 May 2007 03:34:27 PM CEST using DSA key ID XXXXXXXX
> gpg: Good signature from "xxxxxx xxxxxxx <xxxxxxxxxxxxxxxxxxxx>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> Primary key fingerprint: xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
> [-- End of PGP output --]

The important part is the gpg warning. It means that the key used to
sign the message isn't signed (certified) by your key (or the key of
someone else that you've marked as trusted).

You can test this by adding a local signature to a key for which this
happens (gpg --lsign-key <keyid>).

--
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
It is easier to fight for one's principles than to live up to them.
    -- Alfred Adler
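Added example, not part of the original message: the reply above separates two questions, whether the signature verifies and whether the signing key is certified. GnuPG reports them as separate keywords in its machine-readable status output (gpg --status-fd), and this sketch parses that output for a single signature. The sample status text, key ID and the function names parse_status and verdict are constructed for illustration.

```python
# Constructed sample of `gpg --status-fd 1 --verify` output: the signature
# verifies, but the key has no certification from a trusted key.
SAMPLE_UNCERTIFIED = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.org>
[GNUPG:] TRUST_UNDEFINED
"""
# Constructed sample for the same key after `gpg --lsign-key <keyid>`.
SAMPLE_CERTIFIED = SAMPLE_UNCERTIFIED.replace("TRUST_UNDEFINED", "TRUST_FULLY")

PREFIX = "[GNUPG:] "
# Status keywords describing the cryptographic check of the signature.
SIG_KEYWORDS = {
    "GOODSIG": "good", "BADSIG": "bad", "ERRSIG": "error",
    "EXPSIG": "expired-sig", "EXPKEYSIG": "expired-key",
    "REVKEYSIG": "revoked-key",
}
# Status keywords describing the validity (certification) of the signing key.
TRUST_KEYWORDS = {
    "TRUST_UNDEFINED": "undefined", "TRUST_NEVER": "never",
    "TRUST_MARGINAL": "marginal", "TRUST_FULLY": "full",
    "TRUST_ULTIMATE": "ultimate",
}

def parse_status(text):
    """Extract signature result and key validity for a single signature."""
    result = {"signature": None, "key_id": None, "validity": None}
    for line in text.splitlines():
        if not line.startswith(PREFIX):
            continue  # human-readable gpg output or unrelated text
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        keyword = fields[0]
        if keyword in SIG_KEYWORDS:
            result["signature"] = SIG_KEYWORDS[keyword]
            result["key_id"] = fields[1] if len(fields) > 1 else None
        elif keyword in TRUST_KEYWORDS:
            result["validity"] = TRUST_KEYWORDS[keyword]
    return result

def verdict(result):
    """Combine both answers; a good signature alone is not enough."""
    if result["signature"] != "good":
        return "reject: signature did not verify"
    if result["validity"] in ("full", "ultimate"):
        return "accept: good signature from a certified key"
    return "warn: good signature, but key validity is not established"

if __name__ == "__main__":
    for sample in (SAMPLE_UNCERTIFIED, SAMPLE_CERTIFIED):
        print(verdict(parse_status(sample)))
```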