Don't send encrypted messages to random users to test your gpg

Duane Whitty duane at
Mon May 29 13:00:59 CEST 2017

Hi list,

When I checked my email this morning I had an encrypted message from
someone I didn't know and had never heard of signed with a signature for
which no public key was available.

When I saw the email with a subject "test, test, hello" (or something to
that effect" I decided not to let Thunderbird/Enigmail process it but
rather I copy and pasted the cypher text into a file and used the
command line to look at it..

The message and relevant gpg output was:

"Subject: test, test - hello

hey, i hope you don't mind - I just wanted to test using GPG and I
picked you at random."

gpg: Signature made Mon 29 May 2017 02:59:23 AM ADT
gpg:                using RSA key (deleting for email to list)
gpg: Can't check signature: No public key"

To the person who sent me this my reply is that yes I do mind.  I tend
to believe no harm is intended and I'm not terribly upset over it but I
consider it to be bad Internet etiquette.  It would be only a little
more acceptable if you had published your public key so that the
signature you used to sign with could at least be verified.

Having hashed that out welcome to the community :-)

To test your setup try this link,
I haven't used it myself but unless someone from the list knows why it
shouldn't be used it should fine.

I also highly recommend reading

The above links are just to get started.  Happy pgp'ing

Best Regards,

Duane Whitty
duane at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170529/e086dc2d/attachment.sig>

More information about the Gnupg-users mailing list