Isaac Bennetch on 18 Jan 2014 07:34:13 -0800


Re: [PLUG] Signed GPG keys but still can't send mail

Thanks for the quick response, Brent. On the surface that makes sense
because I don't recall being prompted for a trust level nor explicitly
setting one. Furthermore, in the Enigmail prompt where I see lots of red
un-selectable checkboxes, for that particular friend the "Trust" column
reads "Untrusted". However, if I do "gpg --edit-key friend" I see

pub  4096R/AAAAAAAA  created: 2009-06-27  expires: never       usage: SC
                     trust: full          validity: unknown
sub  4096R/BBBBBBBB  created: 2009-07-17  expires: never       usage: E
sub  4096R/CCCCCCCC  created: 2013-09-29  expires: 2014-10-22  usage: S

Which seems to mean I "fully" trust this friend's key. So I'm still confused.

On 1/18/14 12:07 AM, brent saner wrote:
> sounds like you signed the key successfully but either never set a trust
> level for the key or set too low a trust level (less than three, iirc,
> is considered to be untrusted).
> brent s.
> (on my mobile device)
> On Jan 17, 2014 11:57 PM, "Isaac Bennetch" wrote:
>     Hi,
>     So I've got issues trying to use GPG. It all started when I went to a
>     keysigning party several months ago. I came back and, following the
>     suggestions of the keysigning party host, used the "caff" tool to sign
>     the keys of the other folks there.
>     At this point, I have my key which I can see with gpg --list-keys
>     8259BD92, I can also see that others have signed it with gpg --show-sigs
>     8259BD92 (I haven't uploaded it to a keyserver, but AFAIK that doesn't
>     affect what I'm doing locally, only if someone wanted to initiate
>     communication with me). I can see the key in my keychain of the person I
>     wish to write to, for anonymity's sake we'll say that's gpg --list-keys
>     AAAAAAAA; if I do gpg --show-sigs AAAAAAAA I also see myself as one of
>     the signers.
>     So at this point, I feel I've done everything I need to in order to
>     communicate securely with this person. However, when I try to send an
>     encrypted email from Enigmail within Thunderbird, I see a dialog
>     "Recipient not valid, not trusted, or not found: [contact email
>     address]" then a list of all the keys I think I have signed, except they
>     all have red boxes in front of the names (it would be a checkbox, but I
>     can't check it because it's red and full of danger for some reason). I
>     assumed my Enigmail might be broken, so I tried from the command line:
>     gpg --armor --encrypt --sign -r
>     <> -r
>     <>
>     secretFile.txt. I got a warning that:
>     > It is NOT certain that the key belongs to the person named in the
>     > user ID.  If you *really* know what you are doing, you may answer the
>     > next question with yes."
>     At this point I notice that the pub key displayed in the dialog is not
>     the same as the one I've signed -- but it is a subkey of that (I've
>     signed AAAAAAAA and <>
>     happens to be BBBBBBBB, which is
>     signed by AAAAAAAA, if that makes sense).
>     So anyway, (1) What went wrong? and (2) How do I send an encrypted
>     message to my friend
>     ___________________________________________________________________________
>     Philadelphia Linux Users Group         --      
>     Announcements -
>     General Discussion  --  
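
Added example, not part of the original thread: gpg records owner trust and validity as separate values, which is why the --edit-key listing above can show "trust: full" next to "validity: unknown". The script below reads both from gpg's machine-readable --with-colons output; the sample lines are constructed (key IDs padded with zeros, placeholder addresses), and on a real keyring the input would come from "gpg --with-colons --list-keys".

```sh
#!/bin/sh
# Added example: show owner trust and validity side by side for each public key.
# Expects `gpg --with-colons --list-keys` output on stdin. In that format
# (GnuPG doc/DETAILS) field 1 is the record type, field 2 the computed
# validity, field 5 the key ID and field 9 the owner trust.

trust_report() {
    awk -F: '
        function name(c) {
            if (c == "u") return "ultimate"
            if (c == "f") return "full"
            if (c == "m") return "marginal"
            if (c == "n") return "never"
            if (c == "q") return "undefined"
            if (c == "r") return "revoked"
            if (c == "e") return "expired"
            if (c == "i") return "invalid"
            return "unknown"    # "-", "o" or an empty field
        }
        $1 == "pub" {
            # Flag keys whose validity is neither full nor ultimate.
            ok = ($2 == "f" || $2 == "u") ? "OK" : "NOT-VALID"
            printf "%s ownertrust=%s validity=%s %s\n", $5, name($9), name($2), ok
        }'
}

# Constructed sample input mirroring the listing in the message:
# AAAAAAAA has owner trust "full" but validity "unknown".
sample_keys() {
    cat <<'EOF'
tru::1:1390000000:0:3:1:5
pub:-:4096:1:00000000AAAAAAAA:1246060800:::f:::scESC:
uid:-::::1246060800::0000000000000000000000000000000000000000::Friend <friend@example.org>:
sub:-:4096:1:00000000BBBBBBBB:1247788800::::::e:
pub:u:4096:1:000000008259BD92:1300000000:::u:::scESC:
uid:u::::1300000000::0000000000000000000000000000000000000000::Me <me@example.org>:
EOF
}

sample_keys | trust_report
```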