valid sig, invalid key?

L. Sassaman
Wed, 23 Aug 2000 17:06:36 -0700 (PDT)

That means that the key that produced the signature is not known to be
valid. In other words, it isn't signed by a trusted key.

You should verify the identity of the owner of the key, and then confirm
that the key in question actually is the one he is using (the key
fingerprint is unique for all practical purposes of identification -- have
him read the fingerprint to you, and then if it matches the copy you have,
sign his key.)

--Len.

On Wed, 23 Aug 2000, David Turley wrote:

> Our organization recently started signing its email using GnuPG. A win2000 PGP
> 6.5.2 user is getting this message when verifying the GnuPG signed email.
> *** PGP Signature Status: good
> *** Signer: My Company <> (Invalid)
> *** Signed: 8/23/2000 10:39:46 AM
> *** Verified: 8/23/2000 4:20:59 PM
> The message verifies as good, but what's the (Invalid) message?
> --
> Archive is at - Unsubscribe by sending mail
> with a subject of "unsubscribe" to
__
L. Sassaman
Security Architect     | "We all want many things,
Technology Consultant  |  but some of those are bottomly
                       |  destructive of all desires."
                       |   --Vernor Vinge
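
The fingerprint comparison described in the reply above, sketched as an added example that is not part of the original message. It assumes a version 4 OpenPGP key, whose fingerprint is defined in RFC 4880 section 12.2; the key material, timestamp and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

def mpi(value):
    # OpenPGP MPI: 2-byte bit count, then the big-endian magnitude.
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def build_v4_rsa_body(created, n, e):
    # Version 4 public-key packet body: version, creation time, algorithm 1 (RSA), MPIs.
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body):
    # RFC 4880 section 12.2: SHA-1 over 0x99, 2-byte body length, packet body.
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def key_id(fingerprint):
    # The 64-bit key ID is only the low-order 8 bytes of the fingerprint.
    return fingerprint[-16:]

def normalise(spoken):
    # Strip spacing and a leading 0x so a value read aloud compares cleanly.
    cleaned = "".join(ch for ch in spoken if ch not in " :\t\n").upper()
    return cleaned[2:] if cleaned.startswith("0X") else cleaned

def fingerprints_match(local_body, spoken):
    # Accept only a full 160-bit match; a bare key ID is rejected.
    candidate = normalise(spoken)
    if len(candidate) != 40 or any(c not in "0123456789ABCDEF" for c in candidate):
        return False
    return hmac.compare_digest(v4_fingerprint(local_body), candidate)

# Constructed sample key material (toy modulus, not a real or secure key).
SAMPLE_N = (2**127 - 1) * (2**89 - 1)
SAMPLE_E = 65537
SAMPLE_BODY = build_v4_rsa_body(966000000, SAMPLE_N, SAMPLE_E)

if __name__ == "__main__":
    fp = v4_fingerprint(SAMPLE_BODY)
    read_aloud = " ".join(fp[i:i + 4] for i in range(0, 40, 4)).lower()
    print("local fingerprint:", fp)
    print("key ID:", key_id(fp))
    print("owner's reading matches:", fingerprints_match(SAMPLE_BODY, read_aloud))
    print("key ID alone accepted:", fingerprints_match(SAMPLE_BODY, key_id(fp)))
```

The fingerprint covers the creation time as well as the key material, so the same key numbers with a different timestamp yield a different fingerprint.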