The "trustedness" as seen by gpg --export-ownertrust is a funny and usually unrevised question by gpg users.

So, you should only trust keys that people physically give to you. After that, if you set one as fully trusted, anyone who trusts you would also trust this third person's key.

It means that to trust anybody's key you must fully trust SOMEONE who physically knows "this anybody" and signed his key as fully trusted.

I don't have anything against Eli Schwartz, but he could perfectly well be Jack the Ripper in terms of gpg keys. But if we have common friends who know us both physically, they can reliably say that Eli Schwartz is not Jack the Ripper and sign his/her key, marking him/her as a trusted person; if I fully trust our common friend, I will also trust Eli Schwartz, although I don't know him/her.

On 22/8/25 at 18:54, zyxhere💭 wrote:
On Fri, 2025-08-22 at 18:40 +0200, Javier Martinez wrote:
On 22/8/25 at 18:21, zyxhere💭 wrote:
Hi I'm new to the mailing list workflow (or emails in general), right
now I'm using evolution and have somehow been able to configure it (I
can even encrypt emails with it!!😱😱). Two things I wanted to know are
what should the wrap line limit be (in evolution the default is 71 but I
don't know why is it even correct?) and how can I send someone else
encrypted emails with evolution, I did test it and was able to send
encrypted/signed emails to myself so now I want to know how can I do the
same to others.

Do I have to manually get everyone's public key and make them trusted? Or
can evolution somehow get those from a keyserver? I did verify my keys
with this email address on https://keys.openpgp.org/ (Note that I'm also
a little new to GPG too).

Will appreciate any help.
Thanks.

I'm going to create one gpg key with the name zyxhere and publish it in
a key server. With it, I will sign one text file that indicates: I'm a
windows fan, windows rulez.

Now someone gets this gpg key from the key server, verifies the signature,
gets in a rage because of the content and answers you in this email list,
telling you: Go and clean your windows!!!!

They search for my email in the keyserver to get it so if I have
verified my email on it then this shouldn't really be a concern?

So, keys downloaded from keyservers are not usually trusted.

I get it with your example

I usually attach my key in thunderbird. So, at least people can figure
that getting my key id is the way to download the gpg key from this
troll. Whether this troll really has the name that appears in the mail
From can't be verified, but at least it's the gpg key of the troll that
has sent this email, whatever name he really has, that's for sure.

The public key of the receiver is used to encrypt to the destination and
to verify signatures from him. The private key is used to decrypt mails
sent to us and to make the signature that is checked with our public key.

Right

Attachment: OpenPGP_0x57E64E0B7FC3BEDF.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature
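
The "common friend" reasoning in the message above can be modelled in a few lines. This is an added example, not part of the thread and not GnuPG's own code: a simplified Python model of the classic web-of-trust calculation, using GnuPG's default thresholds (one fully trusted signer or three marginally trusted signers). The key names and the signature graph are constructed for illustration.

```python
# Simplified web-of-trust validity model (illustrative, not GnuPG source code).
FULL, MARGINAL, NONE = "full", "marginal", "none"
COMPLETES_NEEDED = 1   # GnuPG default for --completes-needed
MARGINALS_NEEDED = 3   # GnuPG default for --marginals-needed

def valid_keys(me, signatures, ownertrust, max_depth=5):
    """Return the keys considered valid from `me`'s point of view.

    signatures: signer -> set of keys that signer has certified
    ownertrust: key -> FULL / MARGINAL, i.e. how much `me` relies on that
                key's owner to check other people's identities
    """
    valid = {me}  # my own key is ultimately trusted
    for _ in range(max_depth):
        full, marginal = {}, {}
        for signer in valid:  # signatures only count if the signer's key is valid
            level = FULL if signer == me else ownertrust.get(signer, NONE)
            tally = {FULL: full, MARGINAL: marginal}.get(level)
            if tally is None:
                continue      # valid key, but owner not trusted as an introducer
            for key in signatures.get(signer, ()):
                tally[key] = tally.get(key, 0) + 1
        newly = {k for k in set(full) | set(marginal)
                 if k not in valid
                 and (full.get(k, 0) >= COMPLETES_NEEDED
                      or marginal.get(k, 0) >= MARGINALS_NEEDED)}
        if not newly:
            break
        valid |= newly
    return valid

# Constructed graph: I met "friend" in person and signed that key; "friend"
# met "stranger" and signed theirs. "keyserver_key" was only downloaded and
# carries nothing but its own self-signature.
SIGS = {
    "me": {"friend", "m1", "m2", "m3"},
    "friend": {"stranger"},
    "m1": {"other"}, "m2": {"other"}, "m3": {"other"},
    "keyserver_key": {"keyserver_key"},
}

if __name__ == "__main__":
    print(sorted(valid_keys("me", SIGS, {"friend": FULL})))
    print(sorted(valid_keys("me", SIGS, {"friend": MARGINAL})))
```

With "friend" at full ownertrust the stranger's key becomes valid; at marginal ownertrust it does not, and the key that was only fetched from a keyserver never becomes valid in either case.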
