Re: [Evolution] GPG - cannot verify sender
On Wed, 2018-08-15 at 15:34 -0500, Japhering wrote: > Gang, correct me if I'm wrong... > > I read this as the sender's public key is not on Gary's keyring in > Seahorse and/or > not available from a public key server. > No, the sender's key was added but just receiving the key does not verify it. The trust level had to be set to 5 - Ultimate. Thanks to Ralf's detained reply I discovered that I had the trust level at 4 - Fully. BIG misunderstanding on my part of what fully meant. signature.asc Description: This is a digitally signed message part ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] GPG - cannot verify sender
On 08/15/2018 02:34 PM, Japhering via evolution-list wrote: > > if I'm correct, then the following should resolve the yellow > > > gpg --keyserver --recv-keys No, that's not enough. Anyone can upload a key to the keyservers. They have no way to ensure that it actually belongs to a particular email address. That's where the web of trust comes in. I'm not sure how to manage it in the GUI but from a terminal you use "gpg2 --edit-key " Then set trust level with 'trust' and, unless you actually verified identity with the key holder and feel comfortable telling other people to trust it, use "lsign" or "ltsign" to give it a local only trust signature. If you did verify it and then "sign" it the next time GPG synchronizes to the keyservers your signature will get added to that key. -- Knowledge is Power -- Power Corrupts Study Hard -- Be Evil ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] GPG - cannot verify sender
On Wed, 15 Aug 2018 15:34:19 -0500, Japhering via evolution-list wrote: >On Wed, 2018-08-15 at 12:29 +0200, Gary Curtin wrote: >> Newbie with Evolution and GPG, so please be patient. :-) >> >> When receiving GPG signed messages I keep getting the yellow error >> bar saying "Valid signature, but cannot verify sender (Name < >> em...@address.com>) >> >> I have the public key in Seahorse, so why is this error showing? > >Gang, correct me if I'm wrong... > >I read this as the sender's public key is not on Gary's keyring in >Seahorse and/or not available from a public key server. > >The message explicitly states the key is valid, meaning properly >formed and not tampered with, but then says it can't be verified. Two >different actions which have to happen in sequence. > >if I'm correct, then the following should resolve the yellow > >gpg --keyserver --recv-keys That's wrong. I explained with an example how to solve this issue. Btw. you even could get a yellow surrounded mail with a grey message "This message is signed, but the public key is not in your keyring" and an additional green message "Valid signature (f...@bar.com)". ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] GPG - cannot verify sender
On Wed, 2018-08-15 at 12:29 +0200, Gary Curtin wrote: > Newbie with Evolution and GPG, so please be patient. :-) > > When receiving GPG signed messages I keep getting the yellow error bar > saying "Valid signature, but cannot verify sender (Name < > em...@address.com>) > > I have the public key in Seahorse, so why is this error showing? Gang, correct me if I'm wrong... I read this as the sender's public key is not on Gary's keyring in Seahorse and/or not available from a public key server. The message explicitly states the key is valid, meaning properly formed and not tampered with, but then says it can't be verified. Two different actions which have to happen in sequence. if I'm correct, then the following should resolve the yellow gpg --keyserver --recv-keys ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] GPG - cannot verify sender
On Wed, 2018-08-15 at 14:03 +0200, Ralf Mardorf wrote: > If you trusted (or revoked the trust) you need to select another mail > by Evolution and after that select the mail with this particular > key again, to change the colour from yellow to green (or green to > yellow). Thanks Ralf. Your detailed example made complete sense. I guess that the Evolution warning/information bar will remain yellow with every trust setting except ultimate. Which is confusing for a newbie because setting the trust to fully does imply that I have verified the sender, even if Evolution does not think so. :-) signature.asc Description: This is a digitally signed message part ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] GPG - cannot verify sender
PS: If you trusted (or revoked the trust) you need to select another mail by Evolution and after that select the mail with this particular key again, to change the colour from yellow to green (or green to yellow). ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] GPG - cannot verify sender
> Is there some kind of delay between signing the key in Seahorse, and > Evolution recognising that it is trusted/verified? Evolution itself doesn't do anything. As I said Evolution uses gpg in the background to deal with the keys. > > Using "gpg --list-keys" verifies that it is there, and in Seahorse I > see that I have signed the key as trusted. But the yellow bar in > Evolution has not changed. If I remove the key from Seahorse, then the > bar changes to grey saying that the message is signed but there is no > public key in my keyring. Adding the key again and signing it, the bar > returns to yellow. I know seahorse is the repository for gpg keys, but what you do within it doesn't really matter! It's what gpg reports that is critical. So, does gpg think the key is trusted? gpg --list-keys --list-options show-uid-validity It may be something like the key that you use to sign it is not fully trusted by gpg. P. ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] GPG - cannot verify sender
On Wed, 2018-08-15 at 12:18 +0100, Pete Biggs wrote: > Evolution just calls gpg in the background to do this sort of thing. I > suggest you do something like > >gpg --list-keys > > to verify the key is there and, most importantly, that there is a chain > of trust for the key. After all, the message you are getting means that > they key is recognised as being valid, but there is not sufficient > information to say that the key really belongs to that person. If you > are certain that the key belongs to that person - and only if you have > verified that it does - you can sign the key and the bar will turn > green. But don't sign it unless you are really sure that the key is > correct. Is there some kind of delay between signing the key in Seahorse, and Evolution recognising that it is trusted/verified? Using "gpg --list-keys" verifies that it is there, and in Seahorse I see that I have signed the key as trusted. But the yellow bar in Evolution has not changed. If I remove the key from Seahorse, then the bar changes to grey saying that the message is signed but there is no public key in my keyring. Adding the key again and signing it, the bar returns to yellow. signature.asc Description: This is a digitally signed message part ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] GPG - cannot verify sender
On Wed, 2018-08-15 at 12:29 +0200, Gary Curtin wrote: > Newbie with Evolution and GPG, so please be patient. :-) > > When receiving GPG signed messages I keep getting the yellow error bar > saying "Valid signature, but cannot verify sender (Name < > em...@address.com>) > > I have the public key in Seahorse, so why is this error showing? > Evolution just calls gpg in the background to do this sort of thing. I suggest you do something like gpg --list-keys to verify the key is there and, most importantly, that there is a chain of trust for the key. After all, the message you are getting means that they key is recognised as being valid, but there is not sufficient information to say that the key really belongs to that person. If you are certain that the key belongs to that person - and only if you have verified that it does - you can sign the key and the bar will turn green. But don't sign it unless you are really sure that the key is correct. P. ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
[Evolution] GPG - cannot verify sender
Newbie with Evolution and GPG, so please be patient. :-) When receiving GPG signed messages I keep getting the yellow error bar saying "Valid signature, but cannot verify sender (Name < em...@address.com>) I have the public key in Seahorse, so why is this error showing? signature.asc Description: This is a digitally signed message part ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list