Non-self-signed keys

Andrew Archibald
Mon, 28 Aug 2000 14:40:28 -0400


I use GnuPG to communicate with a friend who has only PGP2.6.  She
sent me her key without self-signing it.  I have confirmend the
fingerprint with her and I am confident that it was not modified in
transit.  However, I have not been able to get GnuPG to trust it.

As I understand it, all that should be necessary is to sign it with
my secret key.  I have done this.

Is it possible to convince GnuPG that I really do trust this key, or
do I absolutely have to get a self-signed version from her?


PS. These keys live on multi-user machines, so they are not very
secure to begin with.

Additional data:
My key:
pub  1024R/88DA7915  created: 2000-05-06 expires: never      trust: f/u
(1)  Andrew Archibald (RSA/IDEA key)

Her key:
pub  1024R/0B788651  created: 2000-05-18 expires: never      trust: f/q
(1)  Julie Lavoie (temporary play key)

Command> check
uid  Julie Lavoie (temporary play key)
sig!       88DA7915 2000-05-18   Andrew Archibald (RSA/IDEA key)
1 user ID without valid self-signature detected

Archive is at - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to