Re: [Evolution] Evolution/GPG

[Tom <tom prost-net de>]

Am Samstag, den 20.02.2016, 21:14 +0100 schrieb Stig Roar Wangberg:
(...) 
> > > > > Everything is working just fine now! I'm very pleased with Evolution.
> > > > > But what does it mean when it says that the signature is valid, but
> > > > > cannot confirm the sender (I don't know the exact wording in English)? 
> > > >
> > > > I think it is the same what I see here:
> > > > Signatur existiert, jedoch wird der öffentliche Schlüssel benötigt.
> > > > or
> > > > gpg: Signatur am Sa 20 Feb 2016 16:56:34 CET mit RSA Schlüssel, ID
> > > > 7C174863, erfolgt.
> > > > gpg: Unterschrift kann nicht geprüft werden: Öffentlicher Schlüssel
> > > > nicht gefunden.
> > > >
> > > > I haven't checked the English UI but it could there sound like:
> > > > Signature exists but the public key however is needed/required. 
> > > > or
> > > > gpg: Signature at the Sa 20 Feb 2016 16:56:34 CET with RSA key, ID
> > > > 7C174863, is carried out. 
> > > > gpg: Signature cannot be checked: Public key not found.
> > >
> > > Oh, I was expecting this from others, like when I don't trust or sign
> > > their keys. Hm. I didn't expect from my own private key. So I have to
> > > sign and trust my own key too! Like gpg --sign, and level of trust. I
> > > wonder if I should trust myself with level 5 ... ;)
> > So your expectation is right. Me - as OTHER one - can't trust the sender
> > is really YOU as far as not having your public key to check if it fits
> > the private key you signed your mail with. Keeps me hanging on if I
> > don't know where to get your public key, except you would be so kind to
> > send it to me. Easiest way was to include it in your mail somewhere.
> > I don't know, how Evolution exactly handles this, but the mechanisms of
> > PKI are simple at last ...
>
> What happens if you run gpg --recv-keys 7C174863 ? That will give you my
> public key, right? 

thomas ga-78:~$ gpg --recv-keys 7C174863
gpg: Schlüssel 7C174863 von hkp-Server keys.gnupg.net anfordern
gpg: /home/thomas/.gnupg/trustdb.gpg: trust-db erzeugt
gpg: Schlüssel 7C174863: Öffentlicher Schlüssel "Stig Roar Wangberg
<srw openmailbox org>" importiert
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg:               importiert: 1  (RSA: 1)


> You can also type in my email address in gpg.mit.edu.
> But I'm really curious if my public key-block is supposted to be
> attached to my signature? The 7C174863 is already there, yes? 

gpg: Signature at the Sa 20 Feb 2016 16:56:34 CET with RSA key, ID
7C174863

> I don't
> know what people usually do. Probably compare the fingerprints with each
> other before they sign and trust. How Evolution works, I really don't
> know. 
>
> My key weren't confirmed in my sent messages before I trusted my own
> key. So I guess that's what other people that trust me have to do too. 

Let's see now I once imported your PK ... :-)