valid sig, invlalid key?
L. Sassaman
rabbi@quickie.net
Wed, 23 Aug 2000 17:06:36 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
That means that the key that produced the signature is not known to be
valid. In otherwords, it isn't signed be a trusted key.
You should verify the identity of the owner of the key, and then confirm
that the key in question actually is the one he is using (the key
fingerprint is unique for all practical purposes of identification -- have
him read the fingerprint to you, and then if it matches the copy you have,
sign his key.)
- --Len.
On Wed, 23 Aug 2000, David Turley wrote:
> Our organization recently started signing it's email using GnuPG. A win2000 PGP
> 6.5.2 user is getting this message when verifying the GnuPG signed email.
>
> *** PGP Signature Status: good
> *** Signer: My Company <me@mycompany.com> (Invalid)
> *** Signed: 8/23/2000 10:39:46 AM
> *** Verified: 8/23/2000 4:20:59 PM
> *** BEGIN PGP VERIFIED MESSAGE ***
>
> The message verifies as good, but what's the (Invalid) message?
>
>
>
>
>
> --
> Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
> with a subject of "unsubscribe" to gnupg-users-request@gnupg.org
>
__
L. Sassaman
Security Architect | "We all want many things,
Technology Consultant | but some of those are bottomly
| destructive of all desires."
http://sion.quickie.net | --Vernor Vinge
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
iD8DBQE5pGcTPYrxsgmsCmoRApO3AKDxnIpptR2O0kg5AiLxmc5lU4D4xACfZNDK
Sj/aiGzlSTEny1MLHMyVv3E=
=iVcM
-----END PGP SIGNATURE-----
--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org