[kdepim-users] Can't set encryption key for contact

Ingo Klöcker kloecker at kde.org
Mon May 17 21:35:21 BST 2010 

Just to give a bit more details... (see below)

On Monday 17 May 2010, Anne Wilson wrote:
> On Monday 17 May 2010 00:07:52 Pascal Bernhard wrote:
> > Hey all,
> > 
> > I'm encountering the following problem with Kmail:
> > When trying to set the encryption preferences for my contacts in
> > the address book (of Kmail), I can see the available public keys,
> > but when I try to pick one, the button OK is not activated. The
> > keys have the trust level set to "Fully" via Kgpg, though I have
> > not signed them, as I do not know the people that well.

It is a common misunderstanding to think that the trust level refers to 
your trust in the key, but that's not what the trust level refers to. 
The trust level (also called the "owner trust") assigned to a key tells 
gpg how much you trust the owner of the key with respect to signing 
other keys. Consequently, the trust level does not have any influence on 
the validity of the corresponding key. Instead it does influence the 
validity of other keys signed with this key (or rather signed by the 
owner of this key, hence "owner trust"). I hope this explanation was 
somewhat understandable.

Given that you do not know the key owners very well you might want to 
lower your trust in them. Otherwise, all keys signed by them will 
automatically be valid for you now that you have locally signed the 
keys.


> > The
> > encryption settings work well with an older contact, I already
> > sent encyrpted mails to, when still using Ubuntu 9.04 on my old
> > computer. I have switched to Debian Squeeze which comes with Kmail
> > 1.12.4 and KDE 4.3.4. Gnupg2 is version 2.0.14-1, Gnupg 1.4.10-2
> > is also installed, but I cannot remove it, since this would
> > deinstall Akregator & Kontact too.
> > Any advice would be appreciated.
> 
> The fact that you are willing to exchange encrypted mail with a
> person denotes a certain level of trust, and gpg has a facility for
> this.  If you use
> 
> gpg --lsign-key xxxxxxxxx (the key's 8-character shortform)
> 
> it 'local-signs' the key.  A local-signed key of course should not be
> uploaded to a keyserver, as you are not in a position to guarantee
> to someone else that there has been adequate checking.  It should,
> though, satisfy the needs for signing and encrypting mail in KMail.

FWIW, uploading a local signature (which is also known as non-exportable 
signature) is not easily possible (if it is possible at all). Therefore, 
one does not need to worry that one could upload a local signature 
accidentally.


Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kdepim-users/attachments/20100517/e30aa4ee/attachment.sig>
-------------- next part --------------
_______________________________________________
KDE PIM users mailing list
kdepim-users at kde.org
https://mail.kde.org/mailman/listinfo/kdepim-users

More information about the kdepim-users mailing list