thomas ga-78:~$ gpg --recv-keys 7C174863
gpg: Schlüssel 7C174863 von hkp-Server keys.gnupg.net anfordern
gpg: /home/thomas/.gnupg/trustdb.gpg: trust-db erzeugt
gpg: Schlüssel 7C174863: Öffentlicher Schlüssel "Stig Roar Wangberg <srw openmailbox org>" importiert
gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1
gpg: importiert: 1 (RSA: 1)

You can also type in my email address in gpg.mit.edu. But I'm really curious if my public key-block is supposed to be attached to my signature? The 7C174863 is already there, yes?

gpg: Signature at the Sa 20 Feb 2016 16:56:34 CET with RSA key, ID 7C174863

I don't know what people usually do. Probably compare the fingerprints with each other before they sign and trust. How Evolution works, I really don't know. My key wasn't confirmed in my sent messages before I trusted my own key. So I guess that's what other people that trust me have to do too.

Let's see now I once imported your PK ... :-)

Like others have pointed out, you can't sign or trust my public key only because you found it on a server, or in my signature. Because you simply don't know who I am. Or if I'm The Stig at all. I barely even sign/trust keys belonging to people I have actually met. I've only signed two of many keys. I don't encrypt just for fun, and when I do, I usually don't use this email address. People working with this for years have much that is sensible to say about this.

And when it comes to Evolution, it only recognizes those keys I already added to my key-ring. People I know but not necessarily trust. And there is definitely no need to sign or trust a key belonging to a stranger in a mailing list. :)

Best regards,
Stig
Attachment:
signature.asc
Description: This is a digitally signed message part
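
The fingerprint comparison mentioned in the message above, as an added example that is not part of the original thread: it parses `gpg --with-colons --fingerprint` output and accepts a key only when the full 40-hex fingerprint obtained out of band matches, since an 8-hex short ID such as 7C174863 can be shared by unrelated keys. The colon-format records, both fingerprints and the user IDs are constructed sample data, not the real key's values, and the function names are hypothetical.

```python
import re

# Constructed `gpg --with-colons --fingerprint` output: two keys that share
# the short ID from the thread but have different (made-up) fingerprints.
SAMPLE_COLONS = """\
pub:-:4096:1:89ABCDEF7C174863:1400000000:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF7C174863:
uid:-::::1400000000::AAAA::Example User One <one@example.invalid>::::::::::0:
pub:-:4096:1:765432107C174863:1450000000:::-:::scESC::::::23::0:
fpr:::::::::FEDCBA9876543210FEDCBA98765432107C174863:
uid:-::::1450000000::BBBB::Example User Two <two@example.invalid>::::::::::0:
"""


def normalize(fpr):
    """Strip spaces/colons, upper-case, and require 40 hex digits (v4 key)."""
    cleaned = re.sub(r"[\s:]", "", fpr).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("not a full 40-hex fingerprint: %r" % fpr)
    return cleaned


def primary_fingerprints(colons):
    """Return the fingerprint of each primary key in colon-format output."""
    fprs, want_fpr = [], False
    for line in colons.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            want_fpr = True           # the next fpr record belongs to this key
        elif fields[0] == "fpr" and want_fpr:
            fprs.append(fields[9])    # field 10 carries the fingerprint
            want_fpr = False          # later fpr records belong to subkeys
    return fprs


def keys_matching_short_id(colons, short_id):
    """All primary keys whose fingerprint ends in the given short ID."""
    suffix = short_id.upper()
    return [f for f in primary_fingerprints(colons) if f.endswith(suffix)]


def verified(colons, out_of_band_fpr):
    """True only if the full fingerprint read out by the owner is present."""
    return normalize(out_of_band_fpr) in primary_fingerprints(colons)


if __name__ == "__main__":
    print(keys_matching_short_id(SAMPLE_COLONS, "7C174863"))
    print(verified(SAMPLE_COLONS, "0123 4567 89AB CDEF 0123  4567 89AB CDEF 7C17 4863"))
```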