On 04.06.17 11:50, Ben McGinnes wrote: > On Sun, Jun 04, 2017 at 11:21:33AM +0200, Stefan Claas wrote: >> The reason why i ask, i started to use Thunderbird with Enigmail and >> Enigmail shows me always Untrusted Good Signature with a 32bit key ID, >> when i have not carefully verified the persons pub key and --lsign'ed >> the pub-key. Showing only the long key id or the complete fingerprint >> is imho more difficult to quickly memorize than an additionial shown >> identicon (computed from the fingerprint). > You shouldn't need to memorise it. In Enigmail you can create rules > for addresses to link to preferred keys, as well as set whether or not > to encrypt all messages or just sign and so on. Most MUAs which > support GPG provide some method of doing this and GPG itself supports > that function with group lists in the gpg.conf file.
Thank you for the information, i will check it out. > > If the version of GPG you have installed supports it, you should > probably add this to your gpg.conf: > > trust-model tofu+pgp > tofu-default-policy unknown > > That will gradually build a more practical web-of-trust which keeps > track of seen keys for you. I use GPGTools and therefore can't use it yet. > >> P.S. With scallion it took me only seconds/or a minute to generate >> a fake pub-key with the same 32bit key id, on my old notebook. > Yes, this has been possible for a long time now. Most people use a > 64-bit view for that reason. This is now the default view in GPG 2.1, > along with displaying the full finterprint. If you do not have GPG > 2.1.x installed, such as if you're using GPGTools on OS X or GPG4Win, > then add "keyid-format 0xLONG" to your gpg.conf file. > I did that, but Enigmail still shows me the short key-id. :-( Regards Stefan _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users