la. den 20. 02. 2016 klokka 19.59 (+0100) skreiv Tom:
Am Samstag, den 20.02.2016, 19:31 +0100 schrieb Stig Roar Wangberg:la. den 20. 02. 2016 klokka 19.03 (+0100) skreiv Tom:Am Samstag, den 20.02.2016, 16:56 +0100 schrieb Stig Roar Wangberg:to. den 11. 02. 2016 klokka 18.39 (+0000) skreiv Pete Biggs:What about this, then? Does this say anything about why there's always two .dat-files attached together with the encrypted attachment? --=-FBjrxYQ2/8R5tscH+TLU Content-Type: application/pgp-encrypted; name="dat.asc" Content-Disposition: attachment; filename="dat.asc" Content-Transfer-Encoding: base64 And if so, what does it tell me?As the "Content-Type:" says, that's the PGP encrypted attachment. I don't know why there are two .dat files. If you want, forward the mail (as an attachment) to me and I'll have a look at it. But it won't be immediately. P.Everything is working just fine now! I'm very pleased with Evolution. But what does it mean when it says that the signature is valid, but cannot confirm the sender (I don't know the exact wording in English)?I think it is the same what I see here: Signatur existiert, jedoch wird der öffentliche Schlüssel benötigt. or gpg: Signatur am Sa 20 Feb 2016 16:56:34 CET mit RSA Schlüssel, ID 7C174863, erfolgt. gpg: Unterschrift kann nicht geprüft werden: Öffentlicher Schlüssel nicht gefunden. I haven't checked the English UI but it could there sound like: Signature exists but the public key however is needed/required. or gpg: Signature at the Sa 20 Feb 2016 16:56:34 CET with RSA key, ID 7C174863, is carried out. gpg: Signature cannot be checked: Public key not found.Oh, I was expecting this from others, like when I don't trust or sign their keys. Hm. I didn't expect from my own private key. So I have to sign and trust my own key too! Like gpg --sign, and level of trust. I wonder if I should trust myself with level 5 ... ;)So your expectation is right. Me - as OTHER one - can't trust the sender is really YOU as far as not having your public key to check if it fits the private key you signed your mail with. Keeps me hanging on if I don't know where to get your public key, except you would be so kind to send it to me. Easiest way was to include it in your mail somewhere. I don't know, how Evolution exactly handles this, but the mechanisms of PKI are simple at last ...
What happens if you run gpg --recv-keys 7C174863 ? That will give you my public key, right? You can also type in my email address in gpg.mit.edu. But I'm really curious if my public key-block is supposted to be attached to my signature? The 7C174863 is already there, yes? I don't know what people usually do. Probably compare the fingerprints with each other before they sign and trust. How Evolution works, I really don't know. My key weren't confirmed in my sent messages before I trusted my own key. So I guess that's what other people that trust me have to do too.
Attachment:
signature.asc
Description: This is a digitally signed message part