Verifying signatures via WWW interface

Toxik - Fabian Rodriguez Fabian.Rodriguez@Toxik.com
Mon May 13 23:24:01 2002


Hello,

I'd like to know if it's logical to offer to people to verify signatures of
short texts via a web interface. I'm trying to understand some other
applications of OpenPGP/gnupg.

I thought having public keys of the signers on a local keyring would be
enough but GPG sends these warnings after displaying date and author
information:

  Could not find a valid trust path to the key.  Let's see whether we
  can assign some missing owner trust values.

  No path leading to one of our keys found.

  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the
owner.
  gpg: Fingerprint: A6EF 1DF9 39CC 873C 5855  D7BA 93E0 2B96 73AE 57A0

Of course, we don't want to store a private key for this particular
application, what would be required to have a trust path ? The local keyring
only has public keys in this example.

Thanks for any information on this.

Fabián Rodríguez - Toxik Technologies, Inc.
www.toxik.com ˇ (514) 528-6945 @221
OpenPGP: 0x5AF2A4D5