Re: [Evolution] Evolution/GPG

[Tom <tom prost-net de>]

Am Samstag, den 20.02.2016, 20:57 +0100 schrieb Stig Roar Wangberg:
(...) 
> > > > > > Everything is working just fine now! I'm very pleased with Evolution.
> > > > > > But what does it mean when it says that the signature is valid, but
> > > > > > cannot confirm the sender (I don't know the exact wording in English)? 
> > > > >
> > > > > I think it is the same what I see here:
> > > > > Signatur existiert, jedoch wird der öffentliche Schlüssel benötigt.
> > > > > or
> > > > > gpg: Signatur am Sa 20 Feb 2016 16:56:34 CET mit RSA Schlüssel, ID
> > > > > 7C174863, erfolgt.
> > > > > gpg: Unterschrift kann nicht geprüft werden: Öffentlicher Schlüssel
> > > > > nicht gefunden.
> > > > >
> > > > > I haven't checked the English UI but it could there sound like:
> > > > > Signature exists but the public key however is needed/required. 
> > > > > or
> > > > > gpg: Signature at the Sa 20 Feb 2016 16:56:34 CET with RSA key, ID
> > > > > 7C174863, is carried out. 
> > > > > gpg: Signature cannot be checked: Public key not found.
> > > >
> > > > Oh, I was expecting this from others, like when I don't trust or sign
> > > > their keys. Hm. I didn't expect from my own private key. So I have to
> > > > sign and trust my own key too! Like gpg --sign, and level of trust. I
> > > > wonder if I should trust myself with level 5 ... ;)
> > >
> > >
> > > I did a gpg --edit-key, ran the check and it was already self-signed. So
> > > I did the trust in addition. This is the first time I trust myself. ;)
> > > So this is the correct procedure, right? If so I learned something new.
> > > Again! 
> > ... still no public key provided :-(
>
> So the public key are supposed to follow the signature? Is that the
> purpose of a signature? In that case there must be some settings I've
> missed. I see signings all the time, without any public keys. I guess
> people just look them up on a key-server. 
>
> I would like to know this myself, so if anyone could clarify, please. 

I don't think it's a problem of sequence. I only see that lots of
messages seem to contain sender's signature AND public key because I
have lots of certificates from my contacts - which have been imported
somehow automatically by my Evolution without me acting. So I see
directly, that these are valid. Remark, that most of these mails are
sent via Microsoft Infrastructure.
Purpose of a signature should be clear ? You give your addressees the
possibility to make sure that the message comes directly from you, only
from you, noone else but you ;-)
As written above I don't know Evolution's possibilities of handling this
as I don't sign private mails. In the settings for security there seems
to be no attempt !??
"Just" look up the public key on a key-server might be another way. But
once having done this, the public key should be imported into Evolution
to save time when receiving mail from this sender next time.