Re: PGP signing/decoding problem

[Albrecht Dreß <albrecht dress arcor de>]

Am 23.06.03 13:20 schrieb(en) Niklas Höglund:
> I have two other wishes for the gnupg support in Balsa.  First I could 
> easily have created a signature for this mail saying I'm the president 
> of the United States, or something equally fake, and Balsa would still 
> have shown a green lock.  I think the green lock should only be shown 
> when a signature chain can be followed (the way gnupg does it with the 
> web of trust).

Currently, the green lock is shown if the signature could be verified 
successfully (in the index: if *all* signatures in a message could be 
verified). The lock will be red if you either don't have the key at all or 
if it's expired.  So in the case above you would first see a red lock, and 
after fetching it from the server (or some other source) a green one, 
given it verified correctly. Note that the lock icon is only a signature, 
not a key status indicator!

More detailed info about the signature, including the validity, is 
available when you select it. Unfortunately, I forgot to add the "trust" 
field, which I will add there asap. I could also (I think this was your 
point, wasn't it?) make the lock green only if the siganture verified 
correctly *and* if the key's validity and trust level is not "never" and 
not "unknown", thus mixing key and sig status (and making most locks red, 
btw). Hmmm...

> Also, it'd be nice with a command to fetch the key from a keyserver when 
> it's not available.

A suboptimal solution (run gpg in a background shell) is in the cvs and as 
a patch on my web page. When seahorse/gpa provide an interface for getting 
keys, I'll replace it by that.

Cheers, Albrecht.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Albrecht Dreß  -  Johanna-Kirchner-Straße 13  -  D-53123 Bonn (Germany)
        Phone (+49) 228 6199571  -  mailto:albrecht.dress@arcor.de
_________________________________________________________________________

PGP signature