02-11-2008, 08:46 AM
Patrick Holthaus

Kmail does not import gpg keys automatically?

Hey there!

I wonder why Kmail does not import any gpg keys. For example on this list,
many people sign their messages. But Kmail tells me something like this:

> Message was signed on xxx with unknown key xxx.
> The validity of the signature cannot be verified.
> Status: No public key to verify the signature

OpenPGP is selected in "Crypto Backends" with default keyserver
http://pgp.mit.edu
Automatically import keys and certificates is also selected.

gpg-agent is running, with the following config (gpg.conf):

> grep -v '^#' ~/.gnupg/gpg.conf | uniq

> keyserver-options auto-key-retrieve
>
> use-agent

> default-key 40A7BD65

> utf8-strings
> verbose
> utf8-strings

> encrypt-to 0x40A7BD65

and gpg-agent.conf:

> grep -v '^#' ~/.gnupg/gpg-agent.conf | uniq
> pinentry-program /usr/bin/pinentry-qt
> no-grab
> default-cache-ttl 1800
>
> debug-level basic
> log-file socket:///home/pholthau/.gnupg/log-socket
> allow-mark-trusted

I am running Kmail 1.9.7 (KDE 3.5.8) and gnupg 2.0.7.

Anyone know what's going wrong?


Thanks
Patrick
 
02-11-2008, 05:25 PM
Mick

On Monday 11 February 2008, Patrick Holthaus wrote:
> Hey there!
>
> I wonder why Kmail does not import any gpg keys. For example on this list,
>
> many people sign their messages. But Kmail tells me something like this:
> > Message was signed on xxx with unknown key xxx.
> > The validity of the signature cannot be verified.
> > Status: No public key to verify the signature
>
> OpenPGP is selected in "Crypto Backends" with default keyserver
> http://pgp.mit.edu
> Automatically import keys and certificates is also selected.

I use hkp://subkeys.pgp.net as my default keyserver and do not seem to have
such a problem (unless I open a new message offline, which has a new key that
has not been imported yet from the keyserver).

KGpg has a 'Refresh keys from server' selection in the menu that will do
exactly that when you're on line, or bring back an error if a connection
cannot be established (e.g. because you are off-line, the server does not
accept connections, or the particular keys are not published on that server).
Ditto if you run:

$ gpg --refresh-keys

HTH.
--
Regards,
Mick
 
02-11-2008, 06:27 PM
Patrick Holthaus

Hi and thanks for the reply!

> I use hkp://subkeys.pgp.net as my default keyserver and do not seem to have
> such a problem (unless I open a new message offline, which has a new key
> that has not been imported yet from the keyserver).

I changed the default server to the one you use. It seems to work now.
gpg --refresh-keys had an error with the MIT server and it works with yours.

Nevertheless I have to set the trust to ultimately of each imported key in
KGPG, right?

Patrick
 
02-11-2008, 07:25 PM
Mick

On Monday 11 February 2008, Patrick Holthaus wrote:
> Hi and thanks for the reply!
>
> > I use hkp://subkeys.pgp.net as my default keyserver and do not seem to
> > have such a problem (unless I open a new message offline, which has a new
> > key that has not been imported yet from the keyserver).
>
> I changed the default server to the one you use. It seems to work now.
> gpg --refresh-keys had an error with the MIT server and it works with
> yours.
>
> Nevertheless I have to set the trust to ultimately of each imported key in
> KGPG, right?
>
> Patrick

NO! Only if you trust the guy who owns the key. That trust can only be
gained if you have verified (in person) that he is the owner of the
registered email address and pgp key! Otherwise, the whole principle of "Web
of Trust" falls apart. That's what the key exchange meetings are all about.
Now, you can't meet everyone in person who has a pgp key, right? But if you
have verified that Bob is who he says he is and his key matches up to his
email address, and Bob has gone through the same process with Fred, then by
implication you may choose to also trust Fred and any others that Bob has
verified. For obvious reasons you may choose to mark Fred's key as trusted to
a lesser degree than Bob's.

Have a look at these links for more info on this subject:
http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
http://en.wikipedia.org/wiki/Key_signing_party
http://en.wikipedia.org/wiki/Web_of_trust

HTH.
--
Regards,
Mick
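
The distinction drawn in the last reply, between trusting a key's owner and a key being valid, as an added example that is not part of the original thread: a simplified Python model of GnuPG's classic trust model with its default thresholds (one fully trusted or three marginally trusted signers, certification depth 5). The key names and the signature graph are constructed, and the model ignores expiry, revocation and trust signatures.

```python
# Simplified model of GnuPG's classic trust model (added example, constructed data).
COMPLETES_NEEDED = 1   # GnuPG default for --completes-needed
MARGINALS_NEEDED = 3   # GnuPG default for --marginals-needed
MAX_CERT_DEPTH = 5     # GnuPG default for --max-cert-depth

# Constructed signature graph: key -> keys that have certified (signed) it.
# "me" signed bob after checking him in person; bob signed fred;
# "stranger" was merely fetched from a keyserver and has signed "impostor".
CERTS = {"bob": {"me"}, "fred": {"bob"}, "impostor": {"stranger"}}


def compute_validity(ownertrust, certs):
    """Return the set of keys whose signatures would verify as valid.

    ownertrust: key -> 'ultimate' | 'full' | 'marginal' (absent = unknown)
    certs:      key -> set of keys that have certified it
    """
    # Ultimately trusted keys (normally only your own) are valid by definition.
    valid = {k for k, t in ownertrust.items() if t == "ultimate"}
    for _ in range(MAX_CERT_DEPTH):
        newly = set()
        for key, signers in certs.items():
            if key in valid:
                continue
            counted = signers & valid  # only signatures from valid keys count
            full = sum(ownertrust.get(s) in ("ultimate", "full") for s in counted)
            marginal = sum(ownertrust.get(s) == "marginal" for s in counted)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly.add(key)
        if not newly:
            break
        valid |= newly
    return valid


if __name__ == "__main__":
    # Bob verified in person and fully trusted as a certifier: Fred follows.
    print(sorted(compute_validity({"me": "ultimate", "bob": "full"}, CERTS)))
    # Bob only marginally trusted: one marginal signature is not enough for Fred.
    print(sorted(compute_validity({"me": "ultimate", "bob": "marginal"}, CERTS)))
    # Ultimate trust set on an unverified imported key: its certifications
    # now validate anything it has signed, including "impostor".
    print(sorted(compute_validity(
        {"me": "ultimate", "bob": "full", "stranger": "ultimate"}, CERTS)))
```

In the first two cases the imported "stranger" key stays unverified, which is the state KMail reports until a certification path exists.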
 
