On 20 Dec 2015, at 8:53, Fabian Blechschmidt wrote:
The problem with GPG signed messages is, that you need the public key
to add it to your keychain the the key is only referenced in the
messages, not contained. At least that is often the case.
I'm not sure how a untrusted message looks like, but for my test case
here, you can click on "Show Details", then you get a bunch of
information, including:
GOODSIG 9642FF72DD74A248
GOODSIG fingerprint
which is the fingerprint of the key. Then you can use GPG Key ring to
get the Key.
Key(s) > Get key from key server (or something like this, I only have
the german version here) Cmd + F
Then you search for the fingerprint.
IF the key server knows the key, it will send it to you, if not you
have bad luck. You need to ask the sender for his public key. Before
you insert it into your key chain, you call him or meet him and make
sure, that the fingerprint is correct :-)
TL;DR Get the signature, search for the key. If is it not on a key
server ask the sender.
Excellent, thanks! That works fine. I think where I got messed up was
the notation of "GOODSIG". That's not the signature, that's the key that
made the signature.
--Paul Hoffman
_______________________________________________
mailmate mailing list
[email protected]
http://lists.freron.com/listinfo/mailmate
