[kdepim-usability] untrusted pubkeys
Ingo Klöcker
kloecker at kde.org
Mon Sep 27 21:32:55 CEST 2004
On Monday 27 September 2004 17:30, Jan Muehlig wrote:
> Hi,
>
> working on a redesign of the encryption and signature behavior in
> KMail, I experienced a strange or rather unexpected thing in KMail.
Would you mind briefly describing what you have in mind?
> Now I want to ask if this is just some misunderstand or if it is
> true:
>
> - can you only pgp-encrypt with a pubkey that has been set to
> "trusted"?
There are two different meanings of "trust":
a) The trust in a key's owner (short: owner trust). This can be changed
with "--edit-key trust". It represents your trust in the key owner
properly validating keys that he signs. See
http://www.gnupg.org/gph/en/manual.html#AEN346
The owner trust of the key that you want to use for encryption is
irrelevant.
b) The calculated trust aka the validity of the key. See
http://www.gnupg.org/gph/en/manual.html#AEN385
The validity of a key influences whether it can be used for encryption
or not. gpg has a command-line switch which makes it possible to use
invalid keys for encryption. I thought I had seen an option to use
invalid keys in KMail (added as part of Aegypten2), but now I can't
find this option in KMail 1.7. The only option which could have an
influence is 'allow clients to mark keys as "trusted"' in the crypto
backend configuration (GPG Agent).
So the answer to your question depends on what you've meant my "trust".
Since you talk about setting a key to trusted it seems you meant "owner
trust". In this case the answer is "No" (see a)).
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.kde.org/pipermail/kdepim-usability/attachments/20040927/b7cb21c6/attachment.pgp
More information about the kdepim-usability
mailing list