On Thu, 2012-05-10 at 16:55 +0100, Roger Leigh wrote: > On Thu, May 10, 2012 at 05:49:12PM +0200, Ralf Mardorf wrote: > > On Thu, 2012-05-10 at 16:45 +0100, Phil Dobbin wrote: > > > On 10/05/12 16:14, Tony van der Hoff wrote: > > > > > > > So, this message was signed. > > > > > > > > Having recently installed enigmail, to see what all the fuss is about > > > > in the other thread. I find I'm at a loss to understand how to > > > > interpret this. > > > > ------------------------------------------------- > > > > OpenPGP Security Info > > > > > > > > Unverified signature > > > > > > > > gpg command line and output: > > > > /usr/bin/gpg > > > > gpg: Signature made Thu 10 May 2012 15:27:47 BST using RSA key ID > > > > A093C263 > > > > gpg: Can't check signature: public key not found > > > > ------------------------------------------------- > > > > > > > > Am I expected to go to some keyserver to find the sender's public key? > > > > How, where, why? > > > > > > > > Maybe I've not set up Enigmail correctly? > > > > > > > > Alternatively, should I just ignore the signature, in which case why > > > > is the sender polluting the list with useless crap? > > > > > > You have an option to import my key under your PGP menu should you wish > > > to do so . If you have installed Enigmail then go ahead & do it. > > > With Evolution I can't. I need your keyserver and your keynumber. > > The key number is in the message (A093C263 above). The key servers > are all public and mirrored with each other, so just pick one or > more to use. If the person signing the message hasn't uploaded their > key to a public keyserver, then they are perhaps not understanding > what the public key is for ;)
This resulted in "Valid signature, but cannot verify sender (Phil Dobbin <[email protected]>)": gpg: armor header: Hash: SHA1 gpg: armor header: Version: GnuPG v1.4.11 (GNU/Linux) gpg: armor header: Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ gpg: original file name='' gpg: Signature made Thu 10 May 2012 05:45:50 PM CEST using RSA key ID A093C263 gpg: using PGP trust model gpg: Good signature from "Phil Dobbin <[email protected]>" gpg: aka "[jpeg image of size 518977]" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: AADB 6887 80BF 485B EF0D 4DBC 23E6 616E A093 C263 gpg: textmode signature, digest algorithm SHA1 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/1336665574.5057.2.camel@precise
