Mon, 28 Aug 2000 14:40:28 -0400
I use GnuPG to communicate with a friend who has only PGP2.6. She
sent me her key without self-signing it. I have confirmend the
fingerprint with her and I am confident that it was not modified in
transit. However, I have not been able to get GnuPG to trust it.
As I understand it, all that should be necessary is to sign it with
my secret key. I have done this.
Is it possible to convince GnuPG that I really do trust this key, or
do I absolutely have to get a self-signed version from her?
PS. These keys live on multi-user machines, so they are not very
secure to begin with.
pub 1024R/88DA7915 created: 2000-05-06 expires: never trust: f/u
(1) Andrew Archibald (RSA/IDEA key)
pub 1024R/0B788651 created: 2000-05-18 expires: never trust: f/q
(1) Julie Lavoie (temporary play key)
uid Julie Lavoie (temporary play key)
sig! 88DA7915 2000-05-18 Andrew Archibald (RSA/IDEA key)
1 user ID without valid self-signature detected
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to firstname.lastname@example.org