On Wed, 2018-08-15 at 12:18 +0100, Pete Biggs wrote:
Evolution just calls gpg in the background to do this sort of thing. I suggest you do something like gpg --list-keys to verify the key is there and, most importantly, that there is a chain of trust for the key. After all, the message you are getting means that the key is recognised as being valid, but there is not sufficient information to say that the key really belongs to that person. If you are certain that the key belongs to that person - and only if you have verified that it does - you can sign the key and the bar will turn green. But don't sign it unless you are really sure that the key is correct.
Is there some kind of delay between signing the key in Seahorse, and Evolution recognising that it is trusted/verified? Using "gpg --list-keys" verifies that it is there, and in Seahorse I see that I have signed the key as trusted. But the yellow bar in Evolution has not changed. If I remove the key from Seahorse, then the bar changes to grey saying that the message is signed but there is no public key in my keyring. Adding the key again and signing it, the bar returns to yellow.
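Added example, not part of either message: `gpg --list-keys` shows that a key is present, but the validity gpg has calculated for each user ID only appears in the machine-readable `gpg --with-colons --list-keys` output (field 2 of each `uid` record). The sketch below parses that format and sorts an address into the three states the thread describes; the keyring listing, key IDs and addresses are constructed sample data, and the function names are hypothetical.

```python
import re

# Field 2 codes that mean gpg considers the user ID validated (full / ultimate).
TRUSTED = {"f", "u"}

# Constructed sample of `gpg --with-colons --list-keys` output (not a real keyring).
SAMPLE = r"""
pub:u:4096:1:1111111111111111:1500000000:::u:::scESC:
fpr:::::::::1111111111111111111111111111111111111111:
uid:u::::1500000000::HASH1::Me Myself <me@example.org>:
sub:u:4096:1:2222222222222222:1500000000::::::e:
fpr:::::::::2222222222222222222222222222222222222222:
pub:-:4096:1:3333333333333333:1510000000:::-:::scESC:
fpr:::::::::3333333333333333333333333333333333333333:
uid:-::::1510000000::HASH2::Alice Example <alice@example.org>:
pub:f:2048:1:4444444444444444:1520000000:::-:::scESC:
fpr:::::::::4444444444444444444444444444444444444444:
uid:f::::1520000000::HASH3::Bob\x3a Example <bob@example.org>:
"""

def unescape(field):
    """Undo the \\xNN escaping gpg applies to user IDs (e.g. \\x3a for ':')."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), field)

def parse_keys(colon_output):
    """Return one dict per public key: key ID, fingerprint, (uid, validity) pairs."""
    keys = []
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"keyid": f[4], "fpr": None, "uids": []})
        elif f[0] == "fpr" and keys and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = f[9]          # first fpr after pub is the primary key's
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append((unescape(f[9]), f[1]))
    return keys

def status(keys, address):
    """Classify an address as 'missing', 'unvalidated' or 'validated'."""
    needle = f"<{address.lower()}>"
    found = [v for k in keys for uid, v in k["uids"] if needle in uid.lower()]
    if not found:
        return "missing"                    # no public key in the keyring
    return "validated" if any(v in TRUSTED for v in found) else "unvalidated"

if __name__ == "__main__":
    keyring = parse_keys(SAMPLE)
    for addr in ("alice@example.org", "bob@example.org", "carol@example.org"):
        print(addr, "->", status(keyring, addr))
```

A user ID whose validity stays at `-` after a key has been signed means gpg has not counted that signature towards validity, for example because the signing key does not have ultimate ownertrust in that keyring.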