Hi Ralf--

On 10/15/2013 05:14 PM, Ralf Jung wrote:
> why does Enigmail refuse to use an unsigned key for encryption? A friend
> of mine recently contacted me via encrypted mail, and while I was able
> to get her key from a keyserver, I couldn't get a signature for it, so I
> decided to do that later but reply now. However, after hitting "Send",
> when Enigmail asked me which key to use for encryption, her key was
> marked red and I wasn't able to encrypt the mail - so I had the choice
> of signing a key I did not verify at all, or sending an unencrypted
> email. Why is that?

enigmail relies on gpg for the association between keys and e-mail addresses. gpg understands (correctly) that the keys in your keyring are effectively populated over the network (e.g. keyserver fetches) and shouldn't be considered validly-bound to their claimed user IDs without some other indication that the user does actually believe these keys to belong to the indicated user.

This is a good thing -- it makes it so that if you import a key from someone else who happens to claim to have your friend's e-mail address, enigmail won't accidentally encrypt your messages to that other person.

In the situation you describe, where you suspect that a given key belongs to your friend, and you are willing to use it for now, i would use a time-limited (a few months perhaps?) local (a.k.a. "non-exportable") signature on just the User ID i plan to correspond with, and then do my best to confirm her key's fingerprint securely within the time limit, so i could go ahead and do a regular keysigning.

hope this helps,

--dkg
_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
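An added example, not part of the original message: a Python check over `gpg --with-colons --list-sigs` output that reports, per User ID, whether your own certification is local, whether it expires, and how long remains to confirm the fingerprint (such a certification can be made with `gpg --ask-cert-expire --edit-key`, selecting the `uid` and using `lsign`). The key IDs, names and listing are constructed; it assumes GnuPG 2.x colon output with epoch timestamps.

```python
"""Audit temporary local certifications in a gpg colon listing."""
from datetime import datetime, timezone

MY_KEYID = "AAAABBBBCCCCDDDD"  # constructed long key ID standing in for your own key

# Constructed listing, not real keys. Fields used (1-based): uid record 10 = user ID;
# sig record 5 = signer key ID, 7 = expiry, 11 = class + 'l' (local) / 'x' (exportable).
SAMPLE = """\
pub:-:2048:1:1111222233334444:1370000000:::-:::scESC:
uid:-::::1370000000::0000000000000000000000000000000000000001::Friend <friend@example.org>:
sig:::1:1111222233334444:1370000000::::Friend <friend@example.org>:13x:
sig:::1:AAAABBBBCCCCDDDD:1381795200:1389571200:::Me <me@example.org>:10l:
uid:-::::1370000000::0000000000000000000000000000000000000002::Friend <friend@old.example>:
sig:::1:1111222233334444:1370000000::::Friend <friend@old.example>:13x:
"""

def my_certifications(listing, signer=MY_KEYID):
    """Map each user ID to (is_local, expiry) of the signer's certification, or None."""
    certs, uid = {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "uid":
            uid = f[9]
            certs[uid] = None
        elif f[0] == "sig" and uid is not None and f[4] == signer:
            if f[10][:2] in ("10", "11", "12", "13"):  # certification classes
                expiry = datetime.fromtimestamp(int(f[6]), timezone.utc) if f[6] else None
                certs[uid] = (f[10].endswith("l"), expiry)
    return certs

def review(listing, now, warn_days=30):
    """Classify each user ID by the state of the signer's certification on it."""
    report = {}
    for uid, cert in my_certifications(listing).items():
        if cert is None:
            report[uid] = "uncertified"        # gpg will not treat this address as valid
        elif not cert[0]:
            report[uid] = "exportable"         # a regular keysigning, not a local one
        elif cert[1] is None:
            report[uid] = "local, no expiry"   # temporary trust with no deadline
        elif cert[1] <= now:
            report[uid] = "expired"
        else:
            days = (cert[1] - now).days
            report[uid] = f"verify fingerprint: {days} days left" if days <= warn_days else "ok"
    return report

if __name__ == "__main__":
    for uid, status in review(SAMPLE, datetime.now(timezone.utc)).items():
        print(f"{status:36} {uid}")
```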