Using Stamper service with GnuPG (aka using non-selfsigned keys)

Steven Murdoch sjmurdoch@bigfoot.com
Sun Apr 22 20:58:01 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've been trying to use the Stamper service
(http://www.itconsult.co.uk/stamper.htm) with GnuPG but I seem to be
having problems due to the public key not being self signed. I have
emailed Matthew Richardson who runs the service and he says that he
does not want to sign they key since he only wants things that have gone
through stamper to be signed by this private key.

I have been able to import the key using --allow-non-selfsigned-uid
but when I attempt to verify anything it says that the key is invalid
(see below), even if I have signed it myself.

Is there any way to stop this happening and also are there any
security issues involved with verifying signatures by non-selfsigned
keys?

Thank you in advance,

Steven Murdoch.

[smurdoch@silicon Desktop]$ gpg filename.asc
File `filename exists. Overwrite (y/N)? y
gpg: old style (PGP 2.x) signature
gpg: Signature made Sun 22 Apr 2001 07:39:27 PM BST using RSA key ID 70B61F81
gpg: Good signature from "Timestamp Service <stamper@itconsult.co.uk>"
Could not find a valid trust path to the key.  Let's see whether we
can assign some missing owner trust values.

No path leading to one of our keys found.

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
gpg: Fingerprint: 4B 12 BC D5 78 85 11 06  3B 54 31 90 E0 9D F3 06

[smurdoch@silicon Desktop]$ gpg --list-sigs stamper
pub  2046R/70B61F81 1995-10-11 [invalid] Timestamp Service <stamper@itconsult.co.uk>
sig        0712FEBD 1995-10-12  Matthew Richardson <Jersey, Channel Islands>
sig        28A03886 2001-04-22  Steven Murdoch (personal) <sjmurdoch@bigfoot.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE64yjwy7aeQyigOIYRArf5AJ4vunu6Hwcs2VEu7Y0QpeEiyfy92ACgh9L2
RVBNsPI4MC5NWL2DMt7F2o0=
=42z6
-----END PGP SIGNATURE----- 

-- 
email: sjmurdoch@bigfoot.com
web: http://www.bigfoot.com/~murdomania/
PGP/GnuPG Keys: http://www.bigfoot.com/~murdomania/keys.html
Geek Code: http://www.bigfoot.com/~murdomania/geek.htm
Diary: http://www.advogato.org/person/sjmurdoch/