On Mon, 2008-09-22 at 08:48 -0400, Patrick O'Callaghan wrote: > On Mon, 2008-09-22 at 12:43 +0100, Andrew Taylor wrote: > > My recipients get a message stating: "Valid signature but cannot > > verify sender. > > > > When I click on the key icon I get the following: > > > > gpg: armour header: Version: GnuPG v1.4.6 (GNU/Linux) > > gpg: Signature made Mon 22 Sep 2008 12:39:44 BST using DSA key ID > > <deleted> > > gpg: using PGP trust model > > gpg: Good signature from "Andrew "Ampers" Taylor (Dated 1st > September > > 2008) <[EMAIL PROTECTED]>" > > gpg: WARNING: This key is not certified with a trusted signature! > > gpg: There is no indication that the signature belongs to > the > > owner. > > Primary key fingerprint: FBAA 4578 313F C31B FEF3 A804 6A9E 3CAE > E031 > > 0EF1 > > gpg: binary signature, digest algorithm SHA1 > > > > Any clues? I recently had to reload Ubuntu onto my PC. > > It just means that your key isn't signed by anyone trusted by the > recipients (such as yourself). You either need to exchange signatures > with them, preferrably using some out-of-band mechanism such as direct > contact, or have a mutually trusted third party do it. Read up on the > "web of trust" in the GPG docs.
As Patrick points out, this is appropriate behavior. What it is saying is that this is a valid signature, based on the person who uploaded the key, but there is no proof that the person who uploaded the key is really you. -- Art Alexion Resources for Human Development, Inc. 215-951-0300 x3075 4700 Wissahickon Ave. [EMAIL PROTECTED] Philadelphia, PA 19144 www.rhd.org
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Evolution-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/evolution-list
