More keyserver problems'
Benz Jessica-p53552
jess.benz@motorola.com
Thu Jul 19 00:16:02 2001
Okay, I loaded Win98SE onto a virtual machine, found GPG for Windoze again, installed it, yadda yadda.
I generated a new key and tried to send it.
Here is the command I used:
gpg --keyserver myipaddr --send-keys EED38472
Here is the response I received:
gpg: success sending to myipaddr (status=200)
I think "Great, Wonderful!" I go to my keyserver to make sure it's there, only to find that it isn't, any ideas?
I also tried to receive a key that I had put up there from PGP
Here is the command I used:
gpg --keyserver myipaddr --recv-keys 27AA89D8
Here is the response I received:
gpg: requesting key 27AA89D8 from myipaddr
gpg: no valid OpenPGP data found
gpg: Total number processed 0
Any ideas on this one?
Thanks!
-----Original Message-----
From: Allie Martin [mailto:gnupg@ac-martin.com]
Sent: Wednesday, July 18, 2001 2:32 PM
To: gnupg-user list
Subject: Re: keyserver problems'
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Janusz,
On Wed, 18 Jul 2001, at 23:03:28 [GMT +0200 (CEST)] you wrote:
...
> You can't verify the signature regrardless of it being clearsigned or
> fnot, without having the sender public key because of way public key
> crypto works. Check the math, it is not that complicated.
I didn't say anything about not having the public key. What I'm proposing
can be done using PGP. The process would seem to be, from my uninformed
POV, that the key is downloaded, though not actually imported to the local
keyring. You are able to inspect the signatures associated with the key
and these are cross-referenced with keys that may already be on your local
keyring. You can then check the signature without actually adding the key
to your keyring.
> And verifying a signature without importing the key (if would possible
> with specifying of separate key) is incredibly stupid thing because
> without importing it you can't make trust calculation which defeats the
> purpose of the web of trust. See for example Schneier's Apllied Crypto
> definition of how it works.
So, one should collect as many keys as possible so that trusts can be
calculated? I'm assuming here that trusts are calculated by examining the
signatures associated with the keys. If the person who signed the key's
public key isn't on your keyring then the signature would be just listed as
an unknown signature. So it would be wise to collect public keys for this
purpose. Am I reading you right here or am I totally off the mark and
exhibiting more incredible stupidity? :-)
- --
Allie Martin
PGPKey ID:0x2B0717E2
Fingerprint:A053 0692 8415 8FC1 E677 0BDB 57C9 EB60 2B07 17E2
__
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32) - GnuPGshell v1.80u
Comment: Get my Public Key here - http://pgpkey.ac-martin.com
iD8DBQE7VgBBV8nrYCsHF+IRAlGqAJ9QmQwjR0eed7kJxChdZvfRnYBrGgCeNAPN
sEZE+KFRCJQb5ZeP/TzNV1A=
=9JUO
-----END PGP SIGNATURE-----
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users