On 10.11.2006 23:47, Michel D'HOOGE wrote:
> > This is because to verify the signature your gnupg software needs to have
> > the corresponding public key. The default KMail settings are to not
> > download automatically missing public keys. See Security Settings in
> > KMail configuration window.
>
> Here, I saved the message with its signature and then modified it directly
> with Kate. The mail is also red, but the given explanation is a bit
> different. However in both cases, it means that you can't trust what you
> read. In the first case, this is because you cannot trust the key used to
> sign the mail (and then someone could have made a fake one with the same
> email address). In the second case, the signature doesn't match the
> received message. So maybe it is just the mailer that messed the content,
> but you have no clue.
>

You are missing the point here. PGP (GnuPG) is a web of trust. Anyone that
has decided to trust my key will have it in their keyrings and the
verification process would have completed successfully. You can choose to
trust a key that was signed by a person you trust and so the web grows
bigger.

If you don't trust a specific public key, you should entirely ignore the
signature, because it would only mean that the owner of the key sent
something, but you don't know who that owner is actually. (I could easily
create a keypair that states my name is Bill Gates... now you wouldn't
believe that, would you?)

--
Blade hails you...
Puppet girl, your strings are mine
--Nightwish
___________________________________________________ This message is from the kde mailing list. Account management: https://mail.kde.org/mailman/listinfo/kde. Archives: http://lists.kde.org/. More info: http://www.kde.org/faq.html.
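
The outcomes discussed in this thread (missing public key, modified message, good signature from a key you have not validated) can be told apart in GnuPG's machine-readable status output. The following is an added example, not part of the original message: it classifies status lines of the kind printed by `gpg --status-fd 1 --verify`, and every key ID, fingerprint and user ID in the samples is constructed.

```python
# Added example, not from the original thread. The keywords are GnuPG status
# keywords; all key IDs, fingerprints and user IDs below are constructed.
TRUSTED = {"TRUST_MARGINAL", "TRUST_FULLY", "TRUST_ULTIMATE"}
EXPIRED_OR_REVOKED = {"EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def classify(status_text):
    """Map the status lines for one signature to a verdict string."""
    seen = set()
    for line in status_text.splitlines():
        fields = line.split()
        # Only lines of the form "[GNUPG:] KEYWORD args..." carry status.
        if len(fields) >= 2 and fields[0] == "[GNUPG:]":
            seen.add(fields[1])
    if "BADSIG" in seen:
        return "tampered"        # signature does not match the message
    if "NO_PUBKEY" in seen:
        return "missing-key"     # no public key to verify against
    if seen & EXPIRED_OR_REVOKED:
        return "expired-or-revoked"
    if "GOODSIG" in seen and "VALIDSIG" in seen:
        # Cryptographically good; TRUST_* reports whether the key is validated.
        return "good-trusted" if seen & TRUSTED else "good-untrusted"
    return "unverified"          # fail closed on anything unrecognised

FPR = "00112233445566778899AABBFEDCBA9876543210"  # constructed fingerprint
VALID = f"[GNUPG:] VALIDSIG {FPR} 2006-11-10 1163198820 0 4 0 17 2 00 {FPR}\n"

MISSING_KEY = (
    "[GNUPG:] ERRSIG FEDCBA9876543210 17 2 00 1163198820 9\n"
    "[GNUPG:] NO_PUBKEY FEDCBA9876543210\n"
)
TAMPERED = "[GNUPG:] BADSIG FEDCBA9876543210 Example Sender <sender@example.org>\n"
# A self-made key can claim any name: the signature verifies, the identity does not.
SELF_MADE_KEY = (
    "[GNUPG:] GOODSIG FEDCBA9876543210 Bill Gates <bill@example.invalid>\n"
    + VALID + "[GNUPG:] TRUST_UNDEFINED\n"
)
VALIDATED_KEY = (
    "[GNUPG:] GOODSIG FEDCBA9876543210 Example Sender <sender@example.org>\n"
    + VALID + "[GNUPG:] TRUST_FULLY\n"
)

if __name__ == "__main__":
    for name in ("MISSING_KEY", "TAMPERED", "SELF_MADE_KEY", "VALIDATED_KEY"):
        print(f"{name:14} -> {classify(globals()[name])}")
```

Only the `good-trusted` verdict says anything about who sent the mail; `good-untrusted` means only that the holder of that key signed it.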