Bill Mccarthy, [BM] wrote: >> The not so nice part is that you cannot download a key to memory and >> use it just for checking a signature without adding it to your local >> key-ring.
BM> Actually, Allie, what you're describing is the way it worked before
BM> I added the following line to my gpg.conf:
Are you sure about this? GnuPG has always been an all or none in this
area. If you wish to check a signature, the key has to be on your local
key-ring.
BM> keyserver-options auto-key-retrieve
This is the option I use.
If I'm checking a signature and the public key used for signing isn't on
my GnuPG local key-ring, GnuPG proceeds to connect to the server defined
in the gpg.conf and searches for the key. When the key is found, it's
imported to the local key-ring and the signature checked.
I even asked about this behaviour on the GnuPG discussion group. I was
told very tersely that it's so because of the web of trust.
BM> I'm running just exe's from the GnuPG binary distribution - no
BM> helper software. Perhaps you're using some helper software that set
BM> this option for you?
No, I'm not using helper software to auto-retrieve.
--
-= allie_M =- | List Moderator
_
pgp00000.pgp
Description: PGP signature
________________________________________________________ Current beta is 1.63b11 | "Using TBBETA" information: http://www.silverstones.com/thebat/TBUDLInfo.html
