On Fri, 2004-03-26 at 03:59, Joerg Johannes wrote: > Am Fr, den 26.03.2004 schrieb Paul Johnson um 04:52: > > Joerg Johannes <[EMAIL PROTECTED]> writes: > > > > > Am Do, den 25.03.2004 schrieb Paul Johnson um 03:03: > > >> For any signature, it's generally considered polite to put in a "-- " > > >> (that is, dash dash space newline) on a line by itself. See my signature > > >> for an example. > > >> > > >> See also: http://www.newbie.org/ > > >> > > >> - -- > > > Errh, your sig starts with "- -- \n". Bad example. Go fix it. > > > > > > joerg > > > > Not when using inline PGP signatures, then it's considered valid. > > OK, sorry for that. But now to something else: I use evolution as mua, > and I don't quite understand what to do with inline PGP signatures. When > the signature is attached, I see a lock symbol at the bottom of the > mail, and when clicking on that lock the signature is checked (if the > key is available). This does not work with inline signed messages: I see > only the > -----BEGIN PGP SIGNATURE----- > ... > -----END PGP SIGNATURE----- > signature, but I don't know how to check the validity of such a > signature. > Is this brokenness of evolution? Or am I missing something fundamental? > > joerg
What you're seeing is the ASCII armored ('armoured' in the rest of the English speaking world outside of the US :) PGP signature. I don't know if there's a way to 'teach' evolution about them, but if there is I've never found it. If you want to check the validity of a signature that has been encoded inline like that, you should save the message to disk and then manually run 'gpg --verify testmessage.txt'. It's not a solution you're going to want to use on a daily basis, but if you want to encrypt your mail to someone who prefers it (such as myself, see sig) you should obviously make sure that you can get a valid signature from them first before email them off-list with an encrypted email. Once you've verified that the signature is valid (or at least as valid as its going to get without having to go to a key signing party), then you can RELATIVELY safely assume that the key is REASONABLY valid. (Of course, when dealing with public key systems, unless you personally got that key from a TRUSTED individual on some form of non-modifiable media and have had them verify it, you can't be all THAT sure, but for day to day communications you can be sure enough.) -- Alex Malinovich Support Free Software, delete your Windows partition TODAY! Encrypted mail preferred. You can get my public key from any of the pgp.net keyservers. Key ID: A6D24837
signature.asc
Description: This is a digitally signed message part