[MlMt] Adding a PGP key from a message?
phoffman at proper.com
Sun Dec 20 14:54:58 EST 2015
On 20 Dec 2015, at 8:53, Fabian Blechschmidt wrote:
> The problem with GPG signed messages is, that you need the public key
> to add it to your keychain the the key is only referenced in the
> messages, not contained. At least that is often the case.
> I'm not sure how a untrusted message looks like, but for my test case
> here, you can click on "Show Details", then you get a bunch of
> information, including:
> GOODSIG 9642FF72DD74A248
> GOODSIG fingerprint
> which is the fingerprint of the key. Then you can use GPG Key ring to
> get the Key.
> Key(s) > Get key from key server (or something like this, I only have
> the german version here) Cmd + F
> Then you search for the fingerprint.
> IF the key server knows the key, it will send it to you, if not you
> have bad luck. You need to ask the sender for his public key. Before
> you insert it into your key chain, you call him or meet him and make
> sure, that the fingerprint is correct :-)
> TL;DR Get the signature, search for the key. If is it not on a key
> server ask the sender.
Excellent, thanks! That works fine. I think where I got messed up was
the notation of "GOODSIG". That's not the signature, that's the key that
made the signature.
More information about the mailmate