Sv: PGP signing/decoding problem

[Niklas =?UTF-8?Q?H=C3=B6glund=F6glund?= <niklas hoglund telia com>]

Den 2003.06.23 19:48 skrev Albrecht Dreß:
> More detailed info about the signature, including the validity, is 
> available when you select it. Unfortunately, I forgot to add the 
> "trust" field, which I will add there asap. I could also (I think 
> this was your point, wasn't it?) make the lock green only if the 
> siganture verified correctly *and* if the key's validity and trust 
> level is not "never" and not "unknown", thus mixing key and sig 
> status (and making most locks red, btw). Hmmm...

This was what I suggested.  Maybe there could be more colors.  Orange 
or yellow could mean that the signature is correct, but not from a 
known key (signed by trusted parties, or however it is done).

I compare this to how mutt does it.  In this mail, it said:

[-- PGP output follows (current time: Mon 23 Jun 2003 08:50:03 PM CEST) 
--]
gpg: Signature made Mon 23 Jun 2003 07:48:15 PM CEST using DSA key ID 
D027FFD1
gpg: Good signature from "Albrecht Dreß <albrecht.dress@arcor.de>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the 
owner.
Primary key fingerprint: 5B02 5DD9 991E 8B82 6301  EB6F 9FFF 6E9C D027 
FFD1
[-- End of PGP output --]

(Without the extra linefeeds balsa inserted.)

On mails from people I have exchanged keys with, the warning is not 
there.

>> Also, it'd be nice with a command to fetch the key from a keyserver 
>> when it's not available.
> 
> A suboptimal solution (run gpg in a background shell) is in the cvs 
> and as a patch on my web page. When seahorse/gpa provide an interface 
> for getting keys, I'll replace it by that.

Great.

It is probably a good idea to make sure the fetch happens in the 
background, somehow, as keyservers can sometimes be quite slow.

-- 
                                                 Niklas

PGP signature