Re: UNTRUSTED signature in GPG

From: Ray Stirbei (me_at_highentropy.org)
Date: 04/30/03 

To: Tomas Wolf <tomas@skip.cz>, Fernando Shayani <fernando_shayani@yahoo.com.br>
Date: Tue, 29 Apr 2003 20:23:18 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Fernando,

The reason the key is marked 'untrusted' is becuase PGP doesn't know who the
person behind the key is. What stops me from making a key, calling it
'Fernando Shayani' and using to email people? PGP signatures certaintly
ensures the integrity of the message, which is why the signature is labeled
'good'.

When you are dragging a key from 'untrusted' to 'trusted' you are telling PGP
that you know for sure that this key belongs to this person. You can look up'
PGP web of trust' to get more information.

When you check your Yahoo email using SSL, you are using Verisign, a
Certificate Authority. Your browser trusts Verisign and in turn Verisign
assures your browser the key does indeed come from Yahoo.

Those are the two most common ways to deal with trust in key management.

Hope that helps

ray

On Monday 28 April 2003 02:37 pm, Tomas Wolf wrote:
> PGP has many nice features, but some of them are not exactly
> "intuitive". To make an user "trusted" you need to make her/his key
> trusted.
>
> here is how:
> - open you key manager and select one of the keys.
> - right-click and select options
> - I believe that from here it depends on version but search for a little
> dragging bar that says "untrusted" and drag it to "trusted"...
> and that would be it I guess....
>
> Tomas
>
> Fernando Shayani wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > I'm using GPG with Enigmail and WinPT on WinXP Pro.
> >
> > Every message that I receive from anyone that is signed, the EnigMail
> > says that the signature is GOOD, but is UNTRUSTED!
> > How can I change that?
> >
> > When I list my keychain with WinPT, I can see the person's public
> > signature, but I cannot change the ownertrust because it says that the
> > key is "non-valid".
> >
> > What is that? What can I do?
> >
> > Thanks!
> > Fernando
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.1 (MingW32)
> >
> > iD8DBQE+rJV1/fWISJQncD4RAh61AJwOgICX1LReK24788ZDsHzILRLvNQCdH4F0
> > 2880RVQtmej/hoGA2IJ5RYc=
> > =2oO7
> > -----END PGP SIGNATURE-----
> >
> >
> >
> > -------------------------------------------------------------------------
> >-- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam,
> > the world's premier event for IT and network security experts. The
> > two-day Training features 6 hand-on courses on May 12-13 taught by
> > professionals. The two-day Briefings on May 14-15 features 24 top
> > speakers with no vendor sales pitches. Deadline for the best rates is
> > April 25. Register today to ensure your place.
> > http://www.securityfocus.com/BlackHat-security-basics
> > -------------------------------------------------------------------------
> >---
>
> ---------------------------------------------------------------------------
> FastTrain has your solution for a great CISSP Boot Camp. The industry's
> most recognized corporate security certification track, provides a
> comprehensive prospectus based upon the core principle concepts of
> security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and
> true hands-on utilization of pertinent security tools. For a limited time
> you can enter for a chance to win one of the latest technological
> innovations, the SEGWAY HT. Log onto
> http://www.securityfocus.com/FastTrain-security-basics
> ---------------------------------------------------------------------------
>-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+rxeBzejBliQ3SdsRAlqlAKDki82Mg26bhypv+7MqjFVOj4pCowCeJIb1
Xva+pRLDyjmJhFMzRIUktZ0=
=Jwtw
-----END PGP SIGNATURE-----

---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most
recognized corporate security certification track, provides a comprehensive
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization
of pertinent security tools. For a limited time you can enter for a chance
to win one of the latest technological innovations, the SEGWAY HT.
Log onto http://www.securityfocus.com/FastTrain-security-basics
----------------------------------------------------------------------------

Relevant Pages

  • Re: GPG and Signing
    ... most of the people I communicate with via e-mail don't use PGP ... Since various governments stopped trying to prosecute Phil Zimmerman, ... It is not rational that they would design a security system that they ... I just wonder how many people it takes to do all the monitoring, ...
    (Debian-User)
  • Re: Encryption of files on USB flash drive
    ... >> that PGP is not useful? ... > of those vulnerabilities... ... security experts can review it. ... > order to gain some convenience... ...
    (sci.crypt)
  • Reminder notice about FreeBSD Security Advisories
    ... This is a reminder notice that all FreeBSD Security Advisories are ... A copy of the public key containing more signatures may be retrieved ... The PGP signature should be verified on all FreeBSD Security ...
    (FreeBSD-Security)
  • RE: Blocking IRC Access
    ... I'm looking at moving my career towards security, ... Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE ...
    (Security-Basics)