[MlMt] Adding a PGP key from a message?

[Paul Hoffman]

On 20 Dec 2015, at 8:53, Fabian Blechschmidt wrote:

> The problem with GPG signed messages is, that you need the public key 
> to add it to your keychain the the key is only referenced in the 
> messages, not contained. At least that is often the case.
>
> I'm not sure how a untrusted message looks like, but for my test case 
> here, you can click on "Show Details", then you get a bunch of 
> information, including:
>
> GOODSIG 9642FF72DD74A248
> GOODSIG fingerprint
>
> which is the fingerprint of the key. Then you can use GPG Key ring to 
> get the Key.
>
> Key(s) > Get key from key server (or something like this, I only have 
> the german version here) Cmd + F
>
> Then you search for the fingerprint.
>
> IF the key server knows the key, it will send it to you, if not you 
> have bad luck. You need to ask the sender for his public key. Before 
> you insert it into your key chain, you call him or meet him and make 
> sure, that the fingerprint is correct :-)
>
> TL;DR Get the signature, search for the key. If is it not on a key 
> server ask the sender.

Excellent, thanks! That works fine. I think where I got messed up was 
the notation of "GOODSIG". That's not the signature, that's the key that 
made the signature.

--Paul Hoffman