Re: [Evolution] GPG signatures using keyserver

From: Ross Burton <r burton 180sw com>
To: Craig Peterein <nitro apci net>
Cc: evolution ximian com
Subject: Re: [Evolution] GPG signatures using keyserver
Date: 23 Feb 2001 09:41:21 +0000

gpg: Signature made Wed 21 Feb 2001 09:25:19 PM WET using DSA key ID 2982E3B6
gpg: Good signature from "Sejal Patel (Bio Mage) <sejal iname com>"
gpg: cannot open /dev/tty: Device not configured


I got the same tty message, so I added "no-tty" to ~/.gnupg/options on a
line by itself.
It seems to fix it, but I don't know if it's the "correct" solution.



I tried this too last week but then gpg broke from the command line.
Will gpg encrypt a file from a terminal for you with no-tty on?  If it
does I'll put it back in my config file and try and figure out why gpg
is broken on my machine...

Shouldn't the message say that it is authentic ? Could this be because
I'm looking up on a public keyserver, instead of a private keyring ?

I'm not an expert on GnuPG, so any help is accepted.



It is because you haven't assigned any trust.  The theory is that when
you get a public key you can verify emails, but only if you know the
public key is for the person it claims to be (I can make a public key,
and email it to someone claiming to be Craig Peterein).  If it was given
to you by the owner you can trust it, so use gpg --edit to set the
trust.  If not - the normal practise is to get the signature of the key
(can't recall the option) and call the person who owns the key and
compare them. Key signatures are only ~20 hex doubles long so this is
easy. The you can trust the key you have been given.

There are more details, but that is the gist of it.

Ross Burton

-- 
Ross Burton                     Software Engineer
OneEighty Software Ltd          Tel: +44 20 8263 2332
The Lansdowne Building          Fax: +44 20 8263 6314
2 Lansdowne Road                r burton 180sw com
Croydon, Surrey CR9 2ER, UK     http://www.180sw.com./
====================================================================
Under the Regulation of Investigatory Powers (RIP) Act 2000 together
with any and all Regulations in force pursuant to the Act OneEighty
Software Ltd reserves the right to monitor any or all incoming or
outgoing communications as provided for under the Act

Follow-Ups:
- Re: [Evolution] GPG signatures using keyserver
  - From: Jeffrey Stedfast
- Re: [Evolution] GPG signatures using keyserver
  - From: Sejal Patel

References:
- Re: [Evolution] GPG signatures using keyserver
  - From: Craig Peterein

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]