PGP/MIME test

[Jason Clinton]

Jim Herrmann wrote:
> I'm starting to use Evolution.  I get a message: "This message is
> digitally signed but can not be proven to be authentic."  Is there
> something I need to do?

Yes. If you have an hour or so, read the GNU Privacy Handbook for an
understanding of hour PK Crypto works.

<http://www.gnupg.org/gph/en/manual.html>

If not, I'll explain how to get it working really quickly:

If you have already generated your own keypair then:

First, obtain my public key from the a key server by typing:

$ gpg --keyserver pgp.mit.net --recv-key jason clinton

My keys should be listed. Select my name and confirm.

Now, you need to verify it with trust:

$ gpg --edit-key jason clinton

at the prompt type "fpr" to display my finger print. Call me up on the
phone by looking me up in the UMKC directory online OR the phone book OR
wait until the next meeting and we can bring the fingerprints we have
and confirm in person with photo ID that way. To understand why this is
neccissary, you really need to read the Privacy Handbook.

Once we've confirmed, you'll type "trust" and then enter either marginal
or full depending on how you feel.

To go even further, to be helpful, you should sign my key that you
verified my validity and then upload it back to the server with:

$ gpg --keyserver pgp.mit.net --send-key jason clinton

"Signing a key" tells the world that you confirmed my identity,
"trusting a key" tells your encryption applications how much you REALLY
trust my identity. Signing is public, trusting is private.

--
Jason Clinton
I don't believe in witty sigs.