Verifying signatures via WWW interface

Dmitri dmitri at users.sourceforge.net
Tue May 14 00:41:02 CEST 2002


On Mon, 2002-05-13 at 14:22, Toxik - Fabian Rodriguez wrote:

> I'd like to know if it's logical to offer to people to verify signatures of
> short texts via a web interface.

As long as you don't mind sending your plaintext over the network, and
telling anyone who cares to sniff the traffic what messages and who
receives, and from who, and when...

> I thought having public keys of the signers on a local keyring would be
> enough but GPG sends these warnings after displaying date and author
> information:
> 
>   Could not find a valid trust path to the key.  Let's see whether we
>   can assign some missing owner trust values.
> 
>   No path leading to one of our keys found.
> 
>   gpg: WARNING: This key is not certified with a trusted signature!
>   gpg:          There is no indication that the signature belongs to the
> owner.

You need to sign the public key of that other person. It will tell GnuPG
that you believe that the key belongs to that person. You should find
more detailed explanations in many places, such as www.gnupg.org ...

Dmitri

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: This is a digitally signed message part
Url : /pipermail/attachments/20020513/7bd48714/attachment.bin


More information about the Gnupg-devel mailing list