On Sun, Dec 21, 2003 at 10:08:44PM -0700, s. keeling wrote: > > My trouble right now is verifying keys. If I send myself mail, it's > correctly compared to my local copy (in my keyring?) and gpg says it's > good. Other mail coming in triggers a lookup at pgp.mit.edu for keys, > leading to strange results: > [...] > gpg: Signature made Sun Dec 21 17:14:28 2003 MST using DSA key ID 946886AE > gpg: Good signature from "Trey Sizemore <[EMAIL PROTECTED]>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > gpg: Fingerprint: 683F FFE2 AA2D D341 6002 A973 8443 F068 9468 86AE
You don't appear to have built a trust path between one of your trusted keys to Trey Sizemore's key. If you're certain the key 946886AE really belongs to Trey Sizemore you can sign it locally (gpg --edit-key 946886AE; and use the lsign command). *Your* signature on the key will assure gnupg that you trust that key. [...] > gpg: Signature made Sun Dec 21 20:32:36 2003 MST using DSA key ID 16D0B8EF > gpg: BAD signature from "Joey Hess (email key) <[EMAIL PROTECTED]>" Sometimes broken MUAs or MTAs trigger this error. Browse the archive of the gnupg-user mailing list (http://marc.theaimsgroup.com/?l=gnupg-users&r=1&w=2) for possible causes and explanations. > The commands driving gpg in mutt were clipped right out of /etc/Muttrc > (Woody 3.0r2): > > ----------------------------------------------- > set pgp_autosign=no > set pgp_sign_as=AC94E4B7 Are you sure you want to specify this in the global configuration file? > Ideas anyone? I feel like I'm within spitting distance of the goal > line, and I'm not getting any closer no matter what I do. It definitely takes some time to get used to the concept and resolve technical problems, but once you're done you'll be fine for eternity. bit, adam -- Am I a cleric? | 1024D/37B8D989 Or maybe a sinner? | 954B 998A E5F5 BA2A 3622 Unbeliever? | 82DD 54C2 843D 37B8 D989 Renegade? | http://sks.dnsalias.net
