Verifying signatures via WWW interface
Toxik - Fabian Rodriguez
Fabian.Rodriguez@Toxik.com
Mon May 13 23:24:01 2002
Hello,
I'd like to know if it's logical to offer to people to verify signatures of
short texts via a web interface. I'm trying to understand some other
applications of OpenPGP/gnupg.
I thought having public keys of the signers on a local keyring would be
enough but GPG sends these warnings after displaying date and author
information:
Could not find a valid trust path to the key. Let's see whether we
can assign some missing owner trust values.
No path leading to one of our keys found.
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
gpg: Fingerprint: A6EF 1DF9 39CC 873C 5855 D7BA 93E0 2B96 73AE 57A0
Of course, we don't want to store a private key for this particular
application, what would be required to have a trust path ? The local keyring
only has public keys in this example.
Thanks for any information on this.
Fabián Rodríguez - Toxik Technologies, Inc.
www.toxik.com ˇ (514) 528-6945 @221
OpenPGP: 0x5AF2A4D5