Re: [Evolution] GPG - cannot verify sender

From: Zan Lynx <zlynx acm org>
To: evolution-list gnome org
Subject: Re: [Evolution] GPG - cannot verify sender
Date: Wed, 15 Aug 2018 14:49:39 -0600

On 08/15/2018 02:34 PM, Japhering via evolution-list wrote:


if I'm correct, then the following should resolve the yellow


gpg --keyserver <public server> --recv-keys <keyID in question>


No, that's not enough. Anyone can upload a key to the keyservers. They
have no way to ensure that it actually belongs to a particular email
address.

That's where the web of trust comes in.

I'm not sure how to manage it in the GUI but from a terminal you use
"gpg2 --edit-key <keyID>"

Then set trust level with 'trust' and, unless you actually verified
identity with the key holder and feel comfortable telling other people
to trust it, use "lsign" or "ltsign" to give it a local only trust
signature.

If you did verify it and then "sign" it the next time GPG synchronizes
to the keyservers your signature will get added to that key.

-- 
                Knowledge is Power -- Power Corrupts
                        Study Hard -- Be Evil

References:
- [Evolution] GPG - cannot verify sender
  - From: Gary Curtin
- Re: [Evolution] GPG - cannot verify sender
  - From: Japhering

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]