Keys not trusted

Graham graham.todd@ntlworld.com
Tue May 6 07:33:03 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 06 May 2003 1:03 am, Wolfgang Bornath wrote:

[snipped]
> When I want to send a private mail to somebody like that and I want
> to encrypt the text I see the list of my pubring but all imported
> keys are marked red and I cannot encrypt.
> Only my own public key is marked green and I can use it to send
> encrypted mails to myself (Big Deal!)

This is one of the basic things about GPG which newcomers find difficult=20
:-)

All keys that you get are "untrusted" unless you sign them.  That way=20
you allocate a level of trust to them.  You will receive keys all the=20
time from people and they will be "untrusted": this is quite normal. =20
Unless you want to comunicate with the keyowner and send him/her a=20
signed key, simply locally sign it (in PGP terms this gives you a=20
non-exportable signature) and it will be trusted.  You do this by the=20
command:

gpg --lsign-key <KEYID>

When it comes to encryption, by default you can only encrypt to trusted=20
keys.  Simply locally sign the key before setting out to encrypt :-)=20
Some MUAs (like Mozilla Mail with Enigmail) make all keys trusted by=20
default, which I think is very dangerous, so I turn this off.

HTH
- --=20

Graham
GPG Keys at encryption.keys@ntlworld.com


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Please sign and encrypt for internet privacy

iD8DBQE+t0qdIwtBZOk1250RAnIUAJ9BDngfjF+EeYe9jIt0ll3l90u9jQCeMpmB
4EEyTss8Y4Ec208Tujehz0w=3D
=3DFz3x
-----END PGP SIGNATURE-----