David Shaw on Wed, 25 Dec 2002 18:30:32 -0500



Re: [PLUG] gpg errors and confusion


On Wed, Dec 25, 2002 at 01:18:41PM -0500, Jeff Abrahamson wrote:
> Sending encrypted and signed mail, I get the following two errors.
> Google hasn't helped me understand why. Maybe someone here can. I'd be
> grateful.
> 
> 
> First, upon selecting a public key to encrypt to, I get
> 
>   ID has undefined validity. Do you really want to use the key? ([no]/yes):
> 
> I respond yes, but I'm not clear why I get this message.

It's a mutt message.  It means that the user ID in question wasn't
signed by a trusted key.

> Then, when mutt is having gpg do the encryption (I gather), I get the
> following (for example):
> 
>   gpg: using secondary key 5818771B instead of primary key 52AC566B
>   gpg: No trust check due to --always-trust option
>   gpg: writing to `-'
>   gpg: ELG-E/AES encrypted for: "5818771B Michael C. Toren (MCT) <mct@toren.net>"
>   gpg: DSA signature from: "0D1DAE4B Jeff Abrahamson <jeff@purple.com>"
> 
> My mutt config does specify --always-trust, but I don't think I've
> changed that, I think I just grabbed it from some mutt release
> somewhere.

That's normal for mutt.  Mutt has a slightly strange way of doing
trust calculations - it asks GnuPG for the user ID validity, and then
gives it back to GnuPG with --always-trust.  It makes sense for the
way mutt handles encryption.

> Finally, when I read my own mail, I see the following:
> 
> [-- PGP output follows (current time: Wed 25 Dec 2002 01:15:25 PM EST) --]
> gpg: Signature made Wed 25 Dec 2002 12:01:42 PM EST using DSA key ID 0D1DAE4B
> gpg: Good signature from "Jeff Abrahamson <jeff@purple.com>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: 1A1A BA95 D082 A558 A276  63C6 16BF 8C4C 0D1D AE4B
> [-- End of PGP output --]
> 
> But I did sign my own key:
> 
>   jeff@asterix:Mutt $ gpg --list-sigs jeff@purple   
>   pub  1024D/0D1DAE4B 2002-05-02 Jeff Abrahamson <jeff@purple.com>
>   sig 3       0D1DAE4B 2002-05-02   Jeff Abrahamson <jeff@purple.com>
>   sig 2   P   99242560 2002-12-25   David M. Shaw <dshaw@jabberwocky.com>
>   sig         80675E65 2002-12-20   Leonard D. Rosenthol <leonardr@rogue-admins.com>
>   sig         A7EDFD2F 2002-12-20   T. Eugene Smiley <eugene@esmiley.net>
>   sub  2048g/29595FCD 2002-05-02
>   sig         0D1DAE4B 2002-05-02   Jeff Abrahamson <jeff@purple.com>
> 
>   jeff@asterix:Mutt $ 
> 
> Do I need to specify something else to trust myself?

gpg --edit-key 0D1DAE4B
trust
5 ("I trust ultimately")

Then do a "gpg --update-trustdb" to build your web of trust.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug
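
The validity lookup described in the reply above (the mail client asks GnuPG for the user ID validity, then invokes gpg with --always-trust) can be sketched as follows. This is an added example, not part of the original message and not mutt's code: the key listings are constructed, and the refuse/encrypt/ask policy is an assumption of the example.

```python
# Validity letters used in field 2 of pub/uid records in GnuPG's
# `--with-colons` listing format.
VALIDITY = {
    "o": "unknown (new key)", "i": "invalid", "d": "disabled", "r": "revoked",
    "e": "expired", "-": "unknown", "q": "undefined", "n": "not valid",
    "m": "marginal", "f": "full", "u": "ultimate",
}
USABLE = {"f", "u"}             # assumed policy: encrypt without asking
REFUSE = {"i", "d", "r", "e"}   # assumed policy: never encrypt to these

# Constructed sample of `gpg --with-colons --list-keys` output. {v} is the
# validity/ownertrust of the user's own key before and after "trust" -> 5.
ALICE = ("pub:{v}:1024:17:AAAAAAAAAAAAAAAA:1020297600:::{v}:::scESC:\n"
         "uid:{v}::::1020297600::::Alice Example <alice@example.org>:\n")
BOB = ("pub:r:1024:17:BBBBBBBBBBBBBBBB:1020297600:::-:::sc:\n"
       "uid:r::::1020297600::::Bob Example <bob@example.org>:\n")
BEFORE = ALICE.format(v="-") + BOB
AFTER = ALICE.format(v="u") + BOB


def uid_validity(colon_listing):
    """Return [(keyid, user_id, validity_letter)] for every uid record."""
    rows, keyid = [], None
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keyid = f[4]                      # field 5: long key ID
        elif f[0] == "uid" and len(f) > 9:
            user_id = f[9].replace("\\x3a", ":")   # colons are escaped
            rows.append((keyid, user_id, f[1] or "-"))
    return rows


def decision(letter):
    """With --always-trust gpg no longer checks, so the caller must decide."""
    if letter in REFUSE:
        return "refuse"
    if letter in USABLE:
        return "encrypt"
    return "ask"    # the case behind an "undefined validity" style prompt


if __name__ == "__main__":
    for label, listing in (("before", BEFORE), ("after", AFTER)):
        for keyid, uid, v in uid_validity(listing):
            print(label, keyid, uid, VALIDITY[v], "->", decision(v))
```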