new user anxiety

Mika Suomalainen mika.henrik.mainio at hotmail.com
Mon Apr 16 10:46:50 CEST 2012 

16.04.2012 07:12, Michael Talbot-Wilson kirjoitti:
> Found nothing in the FAQ on this.
> 
> I thought I'd start using gnupg, got the latest version and went
> 
> gpg --verify gnupg-2.0.19.tar.bz2.sig gnupg-2.0.19.tar.bz2
> 
> Result:
> 
> gpg: Signature made Tue 27 Mar 2012 19:33:35 CST using RSA key ID
> 4F25E3B6
> gpg: Good signature from "Werner Koch (dist sig)"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25
> E3B6
> 
> Just wondering who is masquerading as a guy named Werner Koch and
> necessarily using an untrusted key.  Maybe my named has been got at
> and I'm not getting gnupg-2.0.19.tar.bz2 from where I think, right?
> What is the IP address of the genuine site, can anyone tell me?
> 
> Hum.  Found the same re the character who supposedly signed GNU Hello,
> one Karl Something-or-other.  Same problem, someone faking his
> identity...?  (Assuming he exists, of course.)  Is this normal?  Why
> the capitalized WARNING if it's normal? What's going on?  A newbie'd
> like to know.
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

That warning means that you (or person whose key you have signed) hasn't
signed that key.
See also
http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#reason_examples

I hope that this helps.

-- 
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A  AA65 4DB5 3CFE 82A4 6728
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x82A46728.asc
Type: application/pgp-keys
Size: 5920 bytes
Desc: not available
URL: </pipermail/attachments/20120416/9113be3b/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120416/9113be3b/attachment.pgp>

More information about the Gnupg-users mailing list