On Sun, 2006-02-12 at 19:40 -0500, Lee Revell wrote:
Where is the documentation? What in the heck is supposed to go in the "PGP/GPG Key ID" field?
I assume you mean in the Mail Account Editor (settings) window for a particular mail account. If so, those of us using PGP/GPG enter into that box the key ID of whichever key corresponds to that mail address/account. Evo will use it for various signing and encryption functions for that mail account. The key ID is usually listed in the first line of output for a particular key. Take mine, for example: pub 1024D/EAC33B8D 2004/11/22 Greg Tassone <greg tassone net> My key ID in the line above is "EAC33B8D"; this is what I entered into Evo.
I added someone's key to my GPG keyring and now their messages say "Valid signature, cannot verify sender". Why not? How do I get it to be able to verify the sender?
That message means that GPG cannot guarantee that the sender is really who they say they are. In other words, the message is valid and wass really signed by that key, but you haven't given GPG a way to be sure that the key really belongs to the sender. On a technical level, you haven't signed their GPG key in your keyring, and/or their GPG key hasn't been signed/validated by enough users that you marginally trust yourself (assuming the classic trust model). Either of those cases would change the message to: "Valid Signature" (in a green bar) Therefore, the way to correct that (if it's important enough to you) is by taking steps to validate major keys on your GPG keyring. Once you validate that each key really does come from the person purporting to own it, you sign it with your own key and upload it back to the Web of keyservers out there. Then, users like me can choose to trust how carefully you check the keys of others, and if enough of our friends do this, we will trust that key as well. More depth is probably beyond the scope of this list. Feel free to check out the GnuPG Web site (http://www.gnupg.org/) documentation on the "Web of Trust" and "key signing" for all the goodies. Hope that helps. Greg
Attachment:
signature.asc
Description: This is a digitally signed message part