[WYLUG-help] GPG in Evolution email
Mike Goodman
mike.goodman at zen.co.uk
Sun May 21 17:11:08 BST 2006
Let's see if I can explain what I did a bit better. Using the example of
trying to communicate with James Holden because his email address is
here and we know he has a digital signature because it shows at the
bottom of each of his WYLUG postings.
gpg --search-keys james at jamesholden.net
which gives me a load of gubbins including the email addresses for which
his key is good plus the public key itself and ending with:
> created: 2003-10-22
> Keys 1-1 of 1 for "james at jamesholden.net". Enter number(s), N)ext, or Q)uit >
At this point I'm not sure what to do so I type q then enter:
gpg --import-keys <James Holden's 8 hex digits public key>
and get the response:
> $ gpg --import 8hex
> gpg: can't open `8hex': No such file or directory
> gpg: Total number processed: 0
so then I try responding to Enter number(s), N)ext, or Q)uit > with n,
which doesn't do anything, so N, ditto, so 1 which gets me to:
gpg: requesting key <James' key number> from hkp server subkeys.pgp.net
gpg: key <James' key number>: "James Andrew Holden
<james at jamesholden.net>" 4 new signatures
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2007-01-14
gpg: Total number processed: 1
gpg: new signatures: 4
But this has moved me no further forward, so far as I am aware. It
certainly has not enabled me to send a signed email to James off-list to
test. The gpg docs tell me:
> gpg --import [Filename]
> if the filename is omitted the data will be read from stdin
What, exactly, in words I can understand, does it mean by filename? I've
tried typing in James' public key, his name, his email address and just
get a "no such file" error each time.
Finally, I've tried gpg --import with no parameters and it just hangs.
If it's taken n hour and is still importing keys, I just don't want that
many! ;)
So, does that little lot help anyone to explain what it is I'm doing
wrong?
On Sat, 2006-05-20 at 20:05 +0100, James Holden wrote:
> On Sat, May 20, 2006 at 06:13:20PM +0100, Mike Goodman wrote:
> > I installed GPG some time ago and generated keys and a pass phrase. I
> > got the relevant success messages after having initial difficulties and
> > getting help here. However, I hadn't used it apart from a couple of
> > tries just after I'd installed it to send signed and/or encrypted mail
> > without success. Here's the gubbins from generating the keys:
> >
> >
> > > gpg: /home/xxxx/.gnupg/trustdb.gpg: trustdb created
> > > gpg: key X0X0XX00 marked as ultimately trusted
> > > public and secret key created and signed.
> > >
> > > gpg: checking the trustdb
> > > gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> > > gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
> > > gpg: next trustdb check due at 2007-01-14
> > > pub 1024D/XXX99XXX 2006-01-14 [expires: 2007-01-14]
> > > Key fingerprint = 0000 000X XX00 XX00 0XXX 000X 0X00 0XX0 X0X0 XX00
> > > uid Mike Goodman (Director, Stop Watch Web Limited) <mike.goodman at stopwatchweb.co.uk>
> > > sub 2048g/0000XX00 2006-01-14 [expires: 2007-01-14]
>
> All looks good!
>
> > This bit could be interesting, but I don't know what to do about it:
> >
> > > gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
>
> Don't worry about that for now.
>
> > When I receive mail from someone using a digital signature, the box at
> > the bottom of the email says
> >
> > > Valid signature, cannot verify sender
>
> That's normal. What it means is that the signature is valid, but you
> haven't trusted their key yourself so you've no idea whether it's really
> who they say they are.
>
> All you need to do to get GPGG working with Evolution is put your key ID
> in the 'GPG/PGP Key ID' box in evolution.
>
> It's the 8 hex digits after the '1024D/' in the bit you quoted above.
>
> You should also submit your public key to the keyservers, like so:
>
> gpg --send-keys <your_key_id>
>
>
> Regards,
>
>
> James
>
>
More information about the Wylug-help
mailing list