So, in resume, NEVER trust fully in third party keys that are physically unknown because you can make your really trusted friends to trust in this third party key also and expose them to attacks.
El 22/8/25 a las 18:54, zyxhere💠escribió:
On Fri, 2025-08-22 at 18:40 +0200, Javier Martinez wrote:El 22/8/25 a las 18:21, zyxhere💠escribió:Hi I'm new to the mailing list workflow (or emails in general), right now I'm using evolution and have somehow been able to configure it (I can even encrypt emails with it!!😱😱).Two things I wanted to know are what should the wrap line limit be (in evolution the default is 71 but I don't know why is it even correct?) and how can I send someone else encrypted emails with evoution, I did test it and was able to send encrypted/signed emails to myself so now I want to know how can I do the same to others. Do I have to manually get everyones public key and make them trusted? Or can evolution somehow get those from a keyserver? I did verify my keys with this email address on https://keys.openpgp.org/ (Note that I'm also a little new to GPG too). Will appreciate any help. Thanks.I'm going to create one gpg key with the name zyxhere and publish it in a key server. With it, I will sign one text file that indicates: I'm a windows fan, windows rulez. Now someone gets this gpg key from the key server, and verify the sign, get's in rage because the content and answers you in this email list answering you: Go and clean your windows!!!!They search for my email in the keyserver to get it so if I have verified my email on it then this shouldn't really be a concern?So, keys downloaded from keyservers are not usually trusted.I get it with your exampleI usually attach my key in thunderbird. So, at least people can figure that getting my key id is the way to download the gpg key from this troll. If this troll has really the name that appears in the mail from, can't be verified, but at least it's the gpg key of the troll that has sent this email, whatever name that really has, that's for sure Public from receiver is used to crypt to the destination and to verify signatures from him. Private key its used to decrypt mails sent to us and to make the signature checked with our public key.Right
OpenPGP_0x57E64E0B7FC3BEDF.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
