Keys not trusted

Malte Gell
Thu May 8 16:27:14 2003

Hash: RIPEMD160

Am Dienstag, 6. Mai 2003 02:03 schrieb Wolfgang Bornath:
> Hi,
> Being fairly new in this I joined this list and received some
> messages by people who signed their messages. I always imported the
> keys (using the gpg option --auto-key-retrieve) and kmail tells me
> "Message is signed by XY (blahblub) (Key-ID: 0x12345678).
> Signature is valid but the key is not trusted."

KMail (other clients too ?) will only accept such keys, if they're=20
signed. You could (locally) sign this key and then KMail will accept=20
it. By the way, does someone know, whether this behaviour completely=20
depend on the MUA or is this some OpenPGP recommendation ?

By the way, if you want to get subscribed to lots of mailing lists, the=20
=2D --auto-key-retrieve option may bloat your key ring in the long run. It=
may contain lots of keys from people you may never have contact with.=20
So it happens now with my key, because this message is signed ;-) If=20
you want to contact a person whose message is signed you can get=20
his/her key at a later point of time anyway. KMail always shows the key=20
ID of a signed message, no matter if you have the key locally on your=20
keyring, you still can get it if really needed.

Version: GnuPG v1.2.2 (GNU/Linux)