Verifying signatures via WWW interface

Toxik - Fabian Rodriguez Fabian.Rodriguez at
Tue May 14 00:24:01 CEST 2002


I'd like to know if it's logical to offer to people to verify signatures of
short texts via a web interface. I'm trying to understand some other
applications of OpenPGP/gnupg.

I thought having public keys of the signers on a local keyring would be
enough but GPG sends these warnings after displaying date and author

  Could not find a valid trust path to the key.  Let's see whether we
  can assign some missing owner trust values.

  No path leading to one of our keys found.

  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the
  gpg: Fingerprint: A6EF 1DF9 39CC 873C 5855  D7BA 93E0 2B96 73AE 57A0

Of course, we don't want to store a private key for this particular
application, what would be required to have a trust path ? The local keyring
only has public keys in this example.

Thanks for any information on this.

Fabián Rodríguez - Toxik Technologies, Inc. · (514) 528-6945 @221
OpenPGP: 0x5AF2A4D5

More information about the Gnupg-devel mailing list