On Mittwoch, 17. April 2024 04:08:12 CEST Ben Finney wrote: > Ingo Klöcker <[email protected]> writes: > > It would be helpful if you also gave us the public key. > > Oh, I had expected a GnuPG client would fetch the key? It's part of the > signed message metadata, so it should be automatically fetched from the > key servers, I'd expect.
Only if auto‐key‐retrieve is enabled. > Regardless, here is the URL to download that public key: > > <URL: > https://keys.openpgp.org/search?q=517C+F14B+B2F3+98B0+CB35++4855+B8B2+4C06+ > AC12+8405> $ curl https://keys.openpgp.org/vks/v1/by-fingerprint/ 517CF14BB2F398B0CB354855B8B24C06AC128405 | gpg --import gpg: key B8B24C06AC128405: no user ID gpg: Total number processed: 1 gpg doesn't import keys without user ID. I found the key on another keyserver, but when I try to verify the test message Kleopatra tells me: Signature created on Montag, 15. April 2024 01:32:13 CEST With unavailable certificate: ID: 0x6159E0F29E2FA412E0795C73F9B46AAC84420C82 You can search the certificate on a keyserver or import it from a file. I guess the required subkey is missing on the certificate I could import. Searching the certificate 0x6159E0F29E2FA412E0795C73F9B46AAC84420C82 didn't yield any results. > $ gpg --status-fd 2 foo.txt.asc [...] > [GNUPG:] TRUST_UNDEFINED 0 pgp > gpg: WARNING: This key is not certified with a trusted signature! I think this is the important bit. If you look at the code snippet that Werner pasted then you'll see why `sum` isn't changed in this snippet. So, in this case 0 means good signature by an uncertified key. It's up to you to decide what to make of this. Regards, Ingo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-devel mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-devel
