Thor Kottelin wrote:
-----Original Message----- From: Wilfried Woeber, UniVie/ACOnet [mailto:Woeber@CC.UniVie.ac.at] Sent: Friday, December 18, 2009 3:23 PM To: Thor Kottelin Cc: ncc-services-wg@ripe.net
Thor Kottelin wrote:
the steps are basically: download the key, check its
authenticity,
sign it using your copy of PGP
And that is not necessary (or even useful) in order "to just verify the email..."
If you trust the key, you should sign it. Until you have signed the key, PGP considers it invalid, and rightfully warns you should you try to verify a message signed with such a key.
OK, then PGP and GnuPG obviously do behave differently. Sorry for the confusion!
Please see e.g. <URL:http://www.mccune.cc/PGPpage2.htm#Bad-Invalid> in "Tom McCune's PGP Questions & Answers".
Wilfried.