[MlMt] Adding a PGP key from a message?

[Fabian Blechschmidt]

The problem with GPG signed messages is, that you need the public key to 
add it to your keychain the the key is only referenced in the messages, 
not contained. At least that is often the case.

I'm not sure how a untrusted message looks like, but for my test case 
here, you can click on "Show Details", then you get a bunch of 
information, including:

GOODSIG 9642FF72DD74A248
GOODSIG fingerprint

which is the fingerprint of the key. Then you can use GPG Key ring to 
get the Key.

Key(s) > Get key from key server (or something like this, I only have 
the german version here) Cmd + F

Then you search for the fingerprint.

IF the key server knows the key, it will send it to you, if not you have 
bad luck. You need to ask the sender for his public key. Before you 
insert it into your key chain, you call him or meet him and make sure, 
that the fingerprint is correct :-)

TL;DR Get the signature, search for the key. If is it not on a key 
server ask the sender.

On 20 Dec 2015, at 17:36, Paul Hoffman wrote:

> Greetings. If I see a PGP-signed message that has an untrusted valid 
> signature that I am sure is signed by the person, I would like to add 
> it to my PGP key ring. I'm using GnuPG for key ring management. I 
> don't see a way, even a multi-step way, to go from that message to 
> adding the key to my keyring. Clues?
>
> --Paul Hoffman
> _______________________________________________
> mailmate mailing list
> mailmate at lists.freron.com
> http://lists.freron.com/listinfo/mailmate

-- 
Fabian Blechschmidt
Tel: +49 30 419 932 55
Handy: +49 176 666 55 256