Verify that the file is from who I expect it to be from
Robert J. Hansen
rjh at sixdemonbag.org
Fri Oct 27 04:06:49 CEST 2017
> maybe I'm missing something, but how do I verify not only that an
> encrypted file is signed, but that it is signed by the party I expect to
> have signed it?
Look for output like:
Signature made 10/26/17 22:01:37 Eastern Daylight Time
using RSA key CC11BE7CBBED77B120F37B011DCBDC01B44427C7
Good signature from "Robert J. Hansen <rjh at sixdemonbag.org>" [ultimate]
aka "Robert J. Hansen <rob at enigmail.net>" [ultimate]
aka "Robert J. Hansen <rob at hansen.engineering>"
See that line reading "Good signature"? That's what you're looking for.
Hope this helps. :)
More information about the Gnupg-users