basic hash signature question

Albert gnupg at ml0402.albert.uni.cc
Fri Mar 12 16:38:06 CET 2004


Am Freitag, 12. März 2004 00:53 schrieb David Shaw:
> On Fri, Mar 12, 2004 at 12:22:21AM +0100, Albert wrote:
> > Am Donnerstag, 11. März 2004 23:35 schrieb David Shaw:
> > > > if someone doesn't have the signer's public key,
> > > > is it still possible to verify the integrity of the signed
> > > > file, even though one cannot verify the authenticity
> > >
> > > No.
> > >
> > > David
> >
> > Is there a possibility to check with a webinterface? url?
>
> Without the signer's public key, you can't do anything.  The math
> just doesn't work that way.

The public key I can get from a keyserver

> You could set up a web page to check signatures, sure, but you're
> assuming that web page is trustworthy and not compromised, etc.

That's the problem. I am thinking of a situtation, where no gpg is 
installed on a foreign pc.

Albert



More information about the Gnupg-users mailing list