Re: [Evolution] GPG - cannot verify sender



On 08/15/2018 02:34 PM, Japhering via evolution-list wrote:

if I'm correct, then the following should resolve the yellow


gpg --keyserver <public server> --recv-keys <keyID in question>

No, that's not enough. Anyone can upload a key to the keyservers. They
have no way to ensure that it actually belongs to a particular email
address.

That's where the web of trust comes in.

I'm not sure how to manage it in the GUI but from a terminal you use
"gpg2 --edit-key <keyID>"

Then set trust level with 'trust' and, unless you actually verified
identity with the key holder and feel comfortable telling other people
to trust it, use "lsign" or "ltsign" to give it a local only trust
signature.

If you did verify it and then "sign" it the next time GPG synchronizes
to the keyservers your signature will get added to that key.

-- 
                Knowledge is Power -- Power Corrupts
                        Study Hard -- Be Evil


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]