Mutt and GPG - claims ALL signatures can't be verified
in [Debian]
|
From: Alexander Batischev on 11 Jun 2010 13:50 I'm using mutt for about a month already. Almost all problems already solved, I successfully moved to IMAP. It's time to get GPG signing to work. As you probably noticed, all my messages are signed. But when I open any--even my own!--message, mutt tells me that PGP signature can NOT be verified. Which is more interesting, I did not have that problem before I imported my secure key (it was stored on desktop; now I'm mostly use netbook). I mean, I had PGP set but I didn't have secure key so I did not sign my messages, just verify other's. I did some little research on the web. It seems that problem is pretty popular, and most common answer is to set pgp_good_sign in muttrc. As far as I copied my GPG config from Mutt GnuPG HowTo[1], I already had that option set. I also tried to set it to the following: set pgp_good_sign="`gettext -d gnupg -s 'Good signature from "' | tr -d '"'`" which, as I could understand, is just a trick to add sender's name to GPG's verification message, but it didn't solve my problem. I also tried to not set this option, with no luck. Does anyone have any advice? My .muttrc attached. 1. http://codesorcery.net/old/mutt/mutt-gnupg-howto -- Regards, Alexander Batischev 1024D/69093C81 F870 A381 B5F5 D2A1 1B35 4D63 A1A7 1C77 6909 3C81
From: Alexander Batischev on 11 Jun 2010 14:10 Some thoughts which just came to my head: can it be because of lack of trusted keys? I did not set anyone's key as trusted, so I don't have web of trust. This still don't explain (in my opinion, at least) why my own signature can't be verified. -- Regards, Alexander Batischev 1024D/69093C81 F870 A381 B5F5 D2A1 1B35 4D63 A1A7 1C77 6909 3C81
From: Camaleón on 11 Jun 2010 14:30 On Fri, 11 Jun 2010 21:03:22 +0300, Alexander Batischev wrote: > Some thoughts which just came to my head: can it be because of lack of > trusted keys? I did not set anyone's key as trusted, so I don't have web > of trust. This still don't explain (in my opinion, at least) why my own > signature can't be verified. Exactly (a very good explanation about that, here): http://wiki.mutt.org/?MuttGuide/UseGPG In order to verify a signed message, either you have to previosuly import the key into your keyring or you need to setup Mutt to retrieve the key from public servers. Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/pan.2010.06.11.18.21.14(a)gmail.com
From: Alexander Batischev on 11 Jun 2010 14:40 On Fri, Jun 11, 2010 at 06:21:14PM +0000, Camale??n wrote: > On Fri, 11 Jun 2010 21:03:22 +0300, Alexander Batischev wrote: > > > Some thoughts which just came to my head: can it be because of lack of > > trusted keys? I did not set anyone's key as trusted, so I don't have web > > of trust. This still don't explain (in my opinion, at least) why my own > > signature can't be verified. > > Exactly (a very good explanation about that, here): > > http://wiki.mutt.org/?MuttGuide/UseGPG Yeah, I've read it before, but still can't understand... > In order to verify a signed message, either you have to previosuly import > the key into your keyring or you need to setup Mutt to retrieve the key > from public servers. I have all the keys retrieved (previously, I run gpg --recv-keys keyID every time I face with new key; now I just set "keyserver-options auto-key-retrieve" in ~/.gnupg/gpg.conf, so all new keys are retrieved automatically). And it still doesn't explain why my own signature can't be verified, too. When I open my own message, I have this on the top, right between headers and body: [-- PGP output follows (current time: Fri Jun 11 21:26:24 2010) --] gpg: Signature made Fri Jun 11 20:48:09 2010 EEST using DSA key ID 69093C81 gpg: Good signature from "Alexander Batischev <eual.jp(a)gmail.com>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: F870 A381 B5F5 D2A1 1B35 4D63 A1A7 1C77 6909 3C81 [-- End of PGP output --] I'm little worried about "not certified with a trusted signature" - it's my own signature, it should be trusted, innit? -- Regards, Alexander Batischev 1024D/69093C81 F870 A381 B5F5 D2A1 1B35 4D63 A1A7 1C77 6909 3C81
From: Camaleón on 11 Jun 2010 15:10 On Fri, 11 Jun 2010 21:37:57 +0300, Alexander Batischev wrote: > On Fri, Jun 11, 2010 at 06:21:14PM +0000, Camale??n wrote: >> In order to verify a signed message, either you have to previosuly >> import the key into your keyring or you need to setup Mutt to retrieve >> the key from public servers. > > I have all the keys retrieved (previously, I run gpg --recv-keys keyID > every time I face with new key; now I just set "keyserver-options > auto-key-retrieve" in ~/.gnupg/gpg.conf, so all new keys are retrieved > automatically). And it still doesn't explain why my own signature can't > be verified, too. Then maybe is that you have to "explicitely" import the key and trust that key. Did you already do that? :-? > When I open my own message, I have this on the top, right between > headers and body: > > [-- PGP output follows (current time: Fri Jun 11 21:26:24 2010) --] gpg: > Signature made Fri Jun 11 20:48:09 2010 EEST using DSA key ID 69093C81 > gpg: Good signature from "Alexander Batischev <eual.jp(a)gmail.com>" gpg: > WARNING: This key is not certified with a trusted signature! gpg: > There is no indication that the signature belongs to the owner. > Primary key fingerprint: F870 A381 B5F5 D2A1 1B35 4D63 A1A7 1C77 6909 > 3C81 [-- End of PGP output --] > > I'm little worried about "not certified with a trusted signature" - it's > my own signature, it should be trusted, innit? Yes, I also see that warning in Mutt for signed e-mails coming for users that I have not added nor marked as "trusted" into my keyring. Also, test it with another e-mail client (thunderbird, kmail, evolution...) so you can compare the results. Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/pan.2010.06.11.18.59.22(a)gmail.com
|
Next
|
Last
Pages: 1 2 3 Prev: Upgrade Kernel, Lose External Display Next: Caraíbas * Baleares & Canárias * Cabo Verde |