-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 27 November 2003 13:48, Alexandre Strube wrote: > the last gpg line says: Unable to verify signature: public key not > found. > > What does this mean? You need a person's public key before you can assess whether the message sender has the matching private key. If you are sure that the public key you have came from the real person, then for a message to be correctly signed with that public key, the message originator must have had the person's matching private key. If you in turn trust that the person kept his private key safe from being copied, then you can reasonably believe that the person wrote the email. Without crypto sigs anyone can claim to be anyone in email (hello Holden McGroin :-) ). I attached my public key to this message for you to import and see how it works, but normally this is not a good way to issue your public key, since an imposter can make up a new fake key and attach it to his fake mail. People normally use keyserver websites to associate a public key with an email address. - -Andy -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/xhLxjKeDCxMJCTIRAneHAJ4p7s9NeRTceIl4KKjz/8O8CL+ceACdH4Yw sGzFTR1B3K8fv3ehGAzlMU0= =es9e -----END PGP SIGNATURE-----
Attachment:
public_key.asc
Description: application/pgp-keys
