On Fri, 2025-08-22 at 19:55 +0200, Javier Martinez wrote: > So, in resume, NEVER trust fully in third party keys that are physically > unknown because you can make your really trusted friends to trust in > this third party key also and expose them to attacks.
Thanks for the paranioa lol. I'll keep this in mind and never trust Eli ;) jkjk > > El 22/8/25 a las 18:54, zyxhere💠escribió: > > On Fri, 2025-08-22 at 18:40 +0200, Javier Martinez wrote: > > > El 22/8/25 a las 18:21, zyxhere💠escribió: > > > > Hi I'm new to the mailing list workflow (or emails in general), right > > > > now I'm using evolution and have somehow been able to configure it (I > > > > can even encrypt emails with it!!😱😱).Two things I wanted to know are > > > > what should the wrap line limit be (in evolution the default is 71 but I > > > > don't know why is it even correct?) and how can I send someone else > > > > encrypted emails with evoution, I did test it and was able to send > > > > encrypted/signed emails to myself so now I want to know how can I do the > > > > same to others. > > > > > > > > Do I have to manually get everyones public key and make them trusted? Or > > > > can evolution somehow get those from a keyserver? I did verify my keys > > > > with this email address on https://keys.openpgp.org/ (Note that I'm also > > > > a little new to GPG too). > > > > > > > > Will appreciate any help. > > > > Thanks. > > > > > > I'm going to create one gpg key with the name zyxhere and publish it in > > > a key server. With it, I will sign one text file that indicates: I'm a > > > windows fan, windows rulez. > > > > > > Now someone gets this gpg key from the key server, and verify the sign, > > > get's in rage because the content and answers you in this email list > > > answering you: Go and clean your windows!!!! > > > > They search for my email in the keyserver to get it so if I have > > verified my email on it then this shouldn't really be a concern? > > > > > > So, keys downloaded from keyservers are not usually trusted. > > > > I get it with your example > > > > > I usually attach my key in thunderbird. So, at least people can figure > > > that getting my key id is the way to download the gpg key from this > > > troll. If this troll has really the name that appears in the mail from, > > > can't be verified, but at least it's the gpg key of the troll that has > > > sent this email, whatever name that really has, that's for sure > > > > > > Public from receiver is used to crypt to the destination and to verify > > > signatures from him. Private key its used to decrypt mails sent to us > > > and to make the signature checked with our public key. > > > > Right
signature.asc
Description: This is a digitally signed message part
