verifying a file

Kent Tong
Thu Nov 22 11:47:01 2001

Dear all,

I notice that when I verify a detached signature, gpg will not
check the integrity of my public keyrings (because it doesn't
ask for my passphrase). My question is, what if someone puts some 
false public keyrings into my c:\gnupg to replace mine and send 
me signatures made by the corresponding false private keys? Then 
when I verify the signatures I will be deceived. How to prevent 


Kent Tong, MCSE, Sun Certified Programmer for Java 2
Manager of IT Department, CPTTM, which is:
* Cisco Regional Networking Academy
* Oracle Approved Education Partner
* Prometric Authorized Test Center
* Red Flag Linux Authorised Training Center