D&C Lug - Home Page
Devon & Cornwall Linux Users' Group

[ Date Index ][ Thread Index ]
[ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] More on GPG

On Monday 18 Aug 2003 8:43 pm, Mike Callaghan wrote:
> I have a problem with verifying NW's signature in Evolution 1.4. This is
> what I get on verifying the signature.

I also get:
The signature is valid, but the key's validity is unknown.

The reason is here:
Evolution signs with this key:
[neil@xxxxx neil]$ gpg --list-sigs 8d86b65e
pub  1024D/8D86B65E 2003-02-28 Michael D Callaghan <mike@xxxxxxxxxxxxxxxxxxxx>
sig    8D86B65E 2003-02-28   Michael D Callaghan <mike@xxxxxxxxxxxxxxxxxxxx>
sub  2048g/6EFE80D9 2003-02-28
sig    8D86B65E 2003-02-28   Michael D Callaghan <mike@xxxxxxxxxxxxxxxxxxxx>

I've verified and signed this key:
[neil@xxxxx neil]$ gpg --list-sigs 2801834d
pub  1024R/2801834D 1998-08-12 Mobile Office Services <mos@xxxxxxxxxxxxxxxxxx>
sig    2801834D 1999-07-17   Mobile Office Services <mos@xxxxxxxxxxxxxxxxxx>
sig    A897FD02 2002-12-15   Neil Williams (laptop) <linux@xxxxxxxxxxxxxx>
sig    28BCB3E3 2002-12-15   Neil Williams (CodeHelp) <linux@xxxxxxxxxxxxxx>
uid              Michael D Callaghan <mike@xxxxxxxxxxxxxxxxxx>
sig    2801834D 1998-08-12   Mobile Office Services <mos@xxxxxxxxxxxxxxxxxx>
sig     A897FD02 2002-12-15   Neil Williams (laptop) <linux@xxxxxxxxxxxxxx>
sig    28BCB3E3 2002-12-15   Neil Williams (CodeHelp) <linux@xxxxxxxxxxxxxx>

Evolution is signing with 8d86b65e which is not signed by anyone, including 
2801834d.

[neil@xxxxx neil]$ gpg --recv-key 8d86b65e
gpg: key 8D86B65E: "Michael D Callaghan <mike@xxxxxxxxxxxxxxxxxxxx>" not 
changed
gpg: Total number processed: 1
gpg:              unchanged: 1


> I am particularly puzzled by the 'WARNING' as I have signed the key
> myself. My own key, not surprisingly, is trusted.

Locally? It certainly hasn't made it to the keyserver yet. If you sign 
8d86b65e with 2801834d and set the trust in keys signed by 2801834d to full, 
you should find that my key becomes fully trusted again.

> However, under Eudora in WinXP, using PGP I get a correct response.

Maybe using the newer key as default signing / verifying key?

> Any guidance much appreciated.

Which key do you want to use as your main key? The new one?

-- 

Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3

Attachment: pgp00035.pgp
Description: signature

Lynx friendly