On Tue, Mar 19, 2002 at 09:41:06PM +0000, Dave Smith wrote:
> Maybe I'm being stupid here, but it appears that mutt and GPG are
> behaving correctly. How can it verify the signature on the message
> if it wasn't signed?

Or maybe I'm stupid ;) Why write anything about a signature if it wasn't
signed?

> Please feel free to ignore the following if it's all obvious stuff that
> you know already....

[cut --- I'm not an expert, but I know basics]

> The fact that you can decrypt a message from a particular sender
> does not prove that they sent it - only that whoever sent it used

Right.

> your public key to encrypt it; in theory, anyone could have sent
> it, provided they can get hold of your public key (which is likely,

Right.

> since it's 'public', and most people publish their public keys
> all over the 'net). If a message is only encrypted (and not

So I do --- vide my sig.

> signed), there is no signature to verify, which is why you get
> "PGP signature could NOT be verified."

So this message means:
"You can't be sure who sent this mail because there was no signature to check"
and not:
"The signature is BAD, so somebody is cheating"
?

-- 
--= Michal [EMAIL PROTECTED] =--
--= finger me for PGP public key or visit http://michal.waw.pl/PGP =--
--==--==--==--==--==-- Vodka. Connecting people.--==--==--==--==--==--
And hiking in the mountains SUCKS!!!
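
The difference this message asks about, between an absent signature and a bad one, as an added example that is not part of the original mail and is not mutt's own code: it classifies the machine-readable status lines GnuPG writes with `--status-fd`. The sample status output, key IDs and names are constructed.

```python
# Added example: classify GnuPG status lines ("[GNUPG:] KEYWORD args",
# written when gpg runs with --status-fd). Sample data below is constructed.
BAD = {"BADSIG"}                                # signature present, does not verify
UNCHECKED = {"ERRSIG"}                          # signature present, could not be checked
CAUTION = {"EXPSIG", "EXPKEYSIG", "REVKEYSIG"}  # verifies, but sig/key expired or revoked
GOOD = {"GOODSIG"}

def status_keywords(status_text):
    """Return the KEYWORD of every '[GNUPG:] KEYWORD ...' line."""
    words = []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "[GNUPG:]":
            words.append(parts[1])
    return words

def classify(status_text):
    """Return (decrypted, signature_state); worst signature state wins."""
    kw = set(status_keywords(status_text))
    decrypted = "DECRYPTION_OKAY" in kw
    for state, group in (("bad", BAD), ("unchecked", UNCHECKED),
                         ("caution", CAUTION), ("good", GOOD)):
        if kw & group:
            return decrypted, state
    # No signature keyword at all: nothing was signed, so nothing was checked.
    return decrypted, "none"

# Constructed status output for three messages (hypothetical key IDs).
ENCRYPTED_ONLY = """\
[GNUPG:] ENC_TO 0123456789ABCDEF 1 0
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION
"""
ENCRYPTED_AND_SIGNED = ENCRYPTED_ONLY.replace(
    "[GNUPG:] END_DECRYPTION",
    "[GNUPG:] GOODSIG FEDCBA9876543210 Example Sender <sender@example.org>\n"
    "[GNUPG:] END_DECRYPTION")
TAMPERED = ENCRYPTED_AND_SIGNED.replace("GOODSIG", "BADSIG")

if __name__ == "__main__":
    for name, sample in (("encrypted only", ENCRYPTED_ONLY),
                         ("encrypted + signed", ENCRYPTED_AND_SIGNED),
                         ("tampered", TAMPERED)):
        print(name, "->", classify(sample))
```

A successful decryption with state `none` says nothing about the sender; only `bad` indicates a signature that failed verification.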