verifying a file
Kent Tong
kent@cpttm.org.mo
Thu Nov 22 11:47:01 2001
Dear all,
I notice that when I verify a detached signature, gpg will not
check the integrity of my public keyrings (because it doesn't
ask for my passphrase). My question is, what if someone puts some
false public keyrings into my c:\gnupg to replace mine and send
me signatures made by the corresponding false private keys? Then
when I verify the signatures I will be deceived. How to prevent
this?
Thanks!
---
Kent Tong, MCSE, Sun Certified Programmer for Java 2
Manager of IT Department, CPTTM, which is:
* Cisco Regional Networking Academy
* Oracle Approved Education Partner
* Prometric Authorized Test Center
* Red Flag Linux Authorised Training Center