[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Mon, Mar 20, 2006 at 03:37:46PM +0000, Robin Cornelius wrote: > Henry Bremridge wrote: > >Does anyone know of a website where you can paste a signed email and it > >will confirm if the PGP signature is valid? > > > > > >Henry > > > > Hi Henry, > > The only problem with this is that you would have to trust the server as > well as it could just lie and you would then be in a position of > believing a sig is valid when in fact it is not. It would be fairly easy > to implement just accept the email (with in line pgp only) as a http > post, run it through gpg to find what key has been used, import that key > and run it through gpg again and send results back to web page. > Good point. It is just that quite a few people keep coming back to me with something along the lines of "what is this file *.asc on your email". What I was looking for was a "reputable" site that people could a) Learn what GPG is and what it protects (I tend to use the http://www.us-cert.gov/cas/tips/ST04-018.html for this at the moment. I know Microsoft had an article recommending digital signatures this but I cannot now find it. The nearest MS page I can find is http://tinyurl.com/kl555, but that is a long way from a Microsoft recommendation) b) Confirm the validity of the email Programming my own webpage is a "bit" beyond my skills... :) but I need to do something. Will think about it a bit more. Tks
Attachment:
signature.asc
Description: Digital signature