PGP signatures.
Patrick O'Callaghan
pocallaghan at gmail.com
Wed May 28 13:36:57 UTC 2008
On Wed, 2008-05-28 at 08:04 -0500, Aaron Konstam wrote:
> On Tue, 2008-05-27 at 22:10 -0400, Todd Zullinger wrote:
> > Aaron Konstam wrote:
> > > I have the file set up as you indicate and evolution indicates the
> > > key is invalid. Maybe its evolutions fault.
> >
> > The issue that I was responding to was getting the key automatically
> > retrieved from a keyserver. That is a separate issue from validating
> > the key. If evolution tells you that the key is invalid, it would
> > indicate to me that it did retrieve the key correctly. It then could
> > not find any trusted signatures on that key, thus the key is
> > "invalid."
> >
> > For a key to be valid, it needs to be signed by a key to which you
> > have given sufficient trust. Your own key is ultimately trusted. You
> > can assign various levels of trust to other keys (once they have been
> > signed by a trusted key). By default, gpg will consider a key valid
> > if it signed by at least one fully or ultimately trusted key, or by 3
> > or more marginally trusted keys.
> Ok, I agree with your analysis. It can't be ruled as invalid if had not
> been retrieved. But I am ignorant. I do not know how to do the signing
gpg --sign-key <name>
See gpg(1).
poc
More information about the fedora-list
mailing list