The problem with GPG signed messages is, that you need the public key to
add it to your keychain the the key is only referenced in the messages,
not contained. At least that is often the case.
I'm not sure how a untrusted message looks like, but for my test case
here, you can click on "Show Details", then you get a bunch of
information, including:
GOODSIG 9642FF72DD74A248
GOODSIG fingerprint
which is the fingerprint of the key. Then you can use GPG Key ring to
get the Key.
Key(s) > Get key from key server (or something like this, I only have
the german version here) Cmd + F
Then you search for the fingerprint.
IF the key server knows the key, it will send it to you, if not you have
bad luck. You need to ask the sender for his public key. Before you
insert it into your key chain, you call him or meet him and make sure,
that the fingerprint is correct :-)
TL;DR Get the signature, search for the key. If is it not on a key
server ask the sender.
On 20 Dec 2015, at 17:36, Paul Hoffman wrote:
Greetings. If I see a PGP-signed message that has an untrusted valid
signature that I am sure is signed by the person, I would like to add
it to my PGP key ring. I'm using GnuPG for key ring management. I
don't see a way, even a multi-step way, to go from that message to
adding the key to my keyring. Clues?
--Paul Hoffman
_______________________________________________
mailmate mailing list
[email protected]
http://lists.freron.com/listinfo/mailmate
--
Fabian Blechschmidt
Tel: +49 30 419 932 55
Handy: +49 176 666 55 256
_______________________________________________
mailmate mailing list
[email protected]
http://lists.freron.com/listinfo/mailmate
