30 Apr
2018
30 Apr
'18
4:52 p.m.
Gene Heskett wrote:
Heck, I've fooled around because I do get signed
messages, but I've yet
to figure out how to get a successfull verification that the signage is
correct. Setup needs help with setup. Humm, isn't that a circular
dependency? ;-/
If you use Kmail or Knode it would do the work for you. You just need to
maintain your keylists properly - perhaps in Kgpg. So as soon as you verify
a key, you alter the key trust level - the next time you open an email
signed with the key, it should show green, or yellow.
Otherwise you can use gpg on the command line to verify the message. The
purpose of the signature is to verify that this is exactly the message,
that was sent, so the whole message is passed trough gnupg. The signature
can also be used to identify the public key of the sender
I don't see redundancy - just another level of work (likebehind the
curtains).
regards