How to select a particular public key when verifying a signature?
expires2011 at ymail.com
Sat Dec 17 17:55:41 CET 2011
-----BEGIN PGP SIGNED MESSAGE-----
On Saturday 17 December 2011 at 2:22:28 PM, in
<mid:E1Rbv9g-0001Bi-00.pv4-bk-ru at f107.mail.ru>, Vladimir A. Pavlov
> Consider the following situation.
> I have two friends: Alice and Bob. I added their
> publick keys (Alice's AAAAAAAA and Bob's BBBBBBBB) to
> my keyring. Now Bob sends me a signed file. When I
> verify the signature the file appears to be signed by
> Alice's key. But gpg doesn't give me an error, it just
> tells me the file was signed with AAAAAAAA key so that
> I have to look at the message and discover the key
> doesn't correspond to the sender.
> Bob has obviously got Alice's key
Bob has possibly got Alice's key. The more obvious conclusion is that
Bob has simply forwarded a file that Alice signed. Of course, both
possibilities need to be considered.
MFPA mailto:expires2011 at ymail.com
No man ever listened himself out of a job
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users