brent saner on 17 Jan 2014 21:07:23 -0800



Re: [PLUG] Signed GPG keys but still can't send mail


sounds like you signed the key successfully but either never set a trust level for the key or set too low a trust level (less than three, iirc, is considered to be untrusted).

brent s.
(on my mobile device)

On Jan 17, 2014 11:57 PM, "Isaac Bennetch" <bennetch@gmail.com> wrote:
Hi,

So I've got issues trying to use GPG. It all started when I went to a
keysigning party several months ago. I came back and, following the
suggestions of the keysigning party host, used the "caff" tool to sign
the keys of the other folks there.

At this point, I have my key which I can see with gpg --list-keys
8259BD92, I can also see that others have signed it with gpg --show-sigs
8259BD92 (I haven't uploaded it to a keyserver, but AFAIK that doesn't
affect what I'm doing locally, only if someone wanted to initiate
communication with me). I can see the key in my keychain of the person I
wish to write to, for anonymity's sake we'll say that's gpg --list-keys
AAAAAAAA; if I do gpg --show-sigs AAAAAAAA I also see myself as one of
the signers.

So at this point, I feel I've done everything I need to in order to
communicate securely with this person. However, when I try to send an
encrypted email from Enigmail within Thunderbird, I see a dialog
"Recipient not valid, not trusted, or not found: [contact email
address]" then a list of all the keys I think I have signed, except they
all have red boxes in front of the names (it would be a checkbox, but I
can't check it because it's red and full of danger for some reason). I
assumed my Enigmail might be broken, so I tried from the command line:
gpg --armor --encrypt --sign -r friend@example.com -r bennetch@gmail.com
secretFile.txt. I got a warning that:
> It is NOT certain that the key belongs to the person named in the
> user ID.  If you *really* know what you are doing, you may answer the
> next question with yes."

At this point I notice that the pub key displayed in the dialog is not
the same as the one I've signed -- but it is a subkey of that (I've
signed AAAAAAAA and friend@example.com happens to be BBBBBBBB, which is
signed by AAAAAAAA, if that makes sense).

So anyway, (1) What went wrong? and (2) How do I send an encrypted
message to my friend
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
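
The validity discussed in this thread can be read directly from `gpg --list-keys --with-colons`, where field 2 of each `pub` and `uid` record is the calculated validity. The following is an added example, not part of the original messages: it parses that output and reports the validity of the user ID an address belongs to. The sample listing is constructed; the key IDs reuse the thread's AAAAAAAA/BBBBBBBB stand-ins, and the other names and addresses are assumptions.

```python
import re

# Validity letters from field 2 of GnuPG's --with-colons output (doc/DETAILS).
VALIDITY = {
    "o": "unknown (new key)", "i": "invalid", "d": "disabled",
    "r": "revoked", "e": "expired", "-": "unknown", "q": "undefined",
    "n": "not valid", "m": "marginal", "f": "full", "u": "ultimate",
}

# Constructed sample of `gpg --list-keys --with-colons` output. Key IDs,
# names and addresses are placeholders, not real keys.
SAMPLE = """\
tru::1:1389999999:0:3:1:5
pub:u:4096:1:0000000011111111:1380000000:::u:::scESC:
uid:u::::1380000000::0000::Me <me@example.org>:
pub:f:4096:1:00000000AAAAAAAA:1380000000:::-:::scESC:
uid:f::::1380000000::0000::Other Address <other@example.com>:
pub:-:4096:1:00000000BBBBBBBB:1380000000:::-:::scESC:
uid:-::::1380000000::0000::Friend <friend@example.com>:
"""


def _unescape(field):
    # gpg writes ':' and other special bytes in user IDs as \xNN.
    return re.sub(r"\\x([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), field)


def uid_validity(colon_output, address):
    """Return [(key_id, user_id, validity)] for user IDs containing <address>."""
    hits, key_id = [], None
    want = "<" + address.lower() + ">"
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            key_id = f[4]            # uid records that follow belong to this key
        elif f[0] == "uid" and key_id and len(f) > 9:
            user_id = _unescape(f[9])
            if want in user_id.lower():
                hits.append((key_id, user_id, VALIDITY.get(f[1], "unknown")))
    return hits


def fully_valid(colon_output, address):
    """True if some user ID for the address has full or ultimate validity."""
    return any(v in ("full", "ultimate")
               for _, _, v in uid_validity(colon_output, address))


if __name__ == "__main__":
    for addr in ("me@example.org", "friend@example.com"):
        print(addr, uid_validity(SAMPLE, addr), fully_valid(SAMPLE, addr))
```

In the constructed listing, the address being encrypted to sits on key BBBBBBBB, whose validity is unknown, while the key with full validity (AAAAAAAA) carries a different address.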