Re: [Evolution] Signing messages with PGP



On Mon, 2008-09-22 at 12:43 +0100, Andrew Taylor wrote:
My recipients get a message stating: "Valid signature but cannot
verify sender.

When I click on the key icon I get the following:

gpg: armour header: Version: GnuPG v1.4.6 (GNU/Linux)
gpg: Signature made Mon 22 Sep 2008 12:39:44 BST using DSA key ID
<deleted>
gpg: using PGP trust model
gpg: Good signature from "Andrew "Ampers" Taylor (Dated 1st September
2008) <ampers gmail com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: FBAA 4578 313F C31B FEF3  A804 6A9E 3CAE E031
0EF1
gpg: binary signature, digest algorithm SHA1

Any clues? I recently had to reload Ubuntu onto my PC.

It just means that your key isn't signed by anyone trusted by the
recipients (such as yourself). You either need to exchange signatures
with them, preferrably using some out-of-band mechanism such as direct
contact, or have a mutually trusted third party do it. Read up on the
"web of trust" in the GPG docs.

poc




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]