More keyserver problems'

Benz Jessica-p53552
Thu Jul 19 00:16:02 2001

Okay, I loaded Win98SE onto a virtual machine, found GPG for Windoze again, installed it, yadda yadda.
I generated a new key and tried to send it.
Here is the command I used:
gpg --keyserver myipaddr --send-keys EED38472
Here is the response I received:
gpg: success sending to myipaddr (status=200)

I think "Great, Wonderful!" I go to my keyserver to make sure it's there, only to find that it isn't, any ideas?

I also tried to receive a key that I had put up there from PGP
Here is the command I used:
gpg --keyserver myipaddr --recv-keys 27AA89D8
Here is the response I received:
gpg: requesting key 27AA89D8 from myipaddr
gpg: no valid OpenPGP data found
gpg: Total number processed 0

Any ideas on this one?


-----Original Message-----
From: Allie Martin []
Sent: Wednesday, July 18, 2001 2:32 PM
To: gnupg-user list
Subject: Re: keyserver problems'

Hash: SHA1

Hi Janusz,
     On Wed, 18 Jul 2001, at 23:03:28 [GMT +0200 (CEST)] you wrote:


> You can't verify the signature regrardless of it being clearsigned or
> fnot, without having the sender public key because of way public key
> crypto works. Check the math, it is not that complicated.
I didn't say anything about not having the public key. What I'm proposing can be done using PGP. The process would seem to be, from my uninformed POV, that the key is downloaded, though not actually imported to the local keyring. You are able to inspect the signatures associated with the key and these are cross-referenced with keys that may already be on your local keyring. You can then check the signature without actually adding the key to your keyring.
> And verifying a signature without importing the key (if would possible
> with specifying of separate key) is incredibly stupid thing because
> without importing it you can't make trust calculation which defeats the
> purpose of the web of trust. See for example Schneier's Apllied Crypto
> definition of how it works.
So, one should collect as many keys as possible so that trusts can be calculated? I'm assuming here that trusts are calculated by examining the signatures associated with the keys. If the person who signed the key's public key isn't on your keyring then the signature would be just listed as an unknown signature. So it would be wise to collect public keys for this purpose. Am I reading you right here or am I totally off the mark and exhibiting more incredible stupidity? :-) - -- Allie Martin PGPKey ID:0x2B0717E2 Fingerprint:A053 0692 8415 8FC1 E677 0BDB 57C9 EB60 2B07 17E2 __ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) - GnuPGshell v1.80u Comment: Get my Public Key here - iD8DBQE7VgBBV8nrYCsHF+IRAlGqAJ9QmQwjR0eed7kJxChdZvfRnYBrGgCeNAPN sEZE+KFRCJQb5ZeP/TzNV1A= =9JUO -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list