Evolution, Fedora, Fedora-list or Surak's dumbness issue?

Andy Green fedora at warmcat.com
Thu Nov 27 15:06:25 UTC 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 27 November 2003 13:48, Alexandre Strube wrote:

> the last gpg line says: Unable to verify signature: public key not
> found.
>
> What does this mean?

You need a person's public key before you can assess whether the message 
sender has the matching private key.  

If you are sure that the public key you have came from the real person, then 
for a message to be correctly signed with that public key, the message 
originator must have had the person's matching private key.  If you in turn 
trust that the person kept his private key safe from being copied, then you 
can reasonably believe that the person wrote the email.  Without crypto sigs 
anyone can claim to be anyone in email (hello Holden McGroin :-) ).

I attached my public key to this message for you to import and see how it 
works, but normally this is not a good way to issue your public key, since an 
imposter can make up a new fake key and attach it to his fake mail.  People 
normally use keyserver websites to associate a public key with an email 
address.

- -Andy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/xhLxjKeDCxMJCTIRAneHAJ4p7s9NeRTceIl4KKjz/8O8CL+ceACdH4Yw
sGzFTR1B3K8fv3ehGAzlMU0=
=es9e
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: public_key.asc
Type: application/pgp-keys
Size: 1661 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20031127/adee0098/attachment-0001.bin>


More information about the fedora-list mailing list