Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Question on GPG
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
busfahrer
n00b
n00b


Joined: 18 Sep 2004
Posts: 57
Location: Germany
PostPosted: Sun Nov 21, 2004 3:00 pm    Post subject: Question on GPG Reply with quote
Hi,

I'm beginning to use GPG, and I was wondering this:
When, for example, verifying kernel sources from kernel.org with their public key, I get the following warning:

Code:

gpg: Signature made Mon Nov 15 03:20:41 2004 CET using DSA key ID 517D0F0E
gpg: Good signature from "Linux Kernel Archives Verification Key <ftpadmin@kernel.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: C75D C40A 11D7 AF88 9981  ED5B C86B A06A 517D 0F0E


Did I understand it correctly that the only way to (properly) get rid of this warning was to meet the person in real life, verify their fingerprint, and then back at home, sign their key in gpg as trusted?

Greetings, Chris
_________________
HOWTO: Removing disks from an LVM volume
Back to top
View user's profile Send private message
JPMRaptor
Guru
Guru


Joined: 04 Oct 2002
Posts: 410
Location: Maryland
PostPosted: Sun Nov 21, 2004 4:15 pm    Post subject: Reply with quote
You can decide to trust any key you want to. No meeting in person is required. What you realistically want to do is verify through a few separate sources that the fingerprint for the key is correct.
_________________
Underwater photo gallery
New pictures, Oct 2005
Back to top
View user's profile Send private message
busfahrer
n00b
n00b


Joined: 18 Sep 2004
Posts: 57
Location: Germany
PostPosted: Sun Nov 21, 2004 8:51 pm    Post subject: Reply with quote
JPMRaptor wrote:
You can decide to trust any key you want to. No meeting in person is required. What you realistically want to do is verify through a few separate sources that the fingerprint for the key is correct.


Yes, that's what I meant. Thanks for your answer. :)
_________________
HOWTO: Removing disks from an LVM volume
Back to top
View user's profile Send private message
sschlueter
Guru
Guru


Joined: 26 Jul 2002
Posts: 578
Location: Dortmund, Germany
PostPosted: Mon Nov 22, 2004 3:10 am    Post subject: Re: Question on GPG Reply with quote
busfahrer wrote:
Did I understand it correctly that the only way to (properly) get rid of this warning was to meet the person in real life, verify their fingerprint, and then back at home, sign their key in gpg as trusted?


There can also be one or more "intermediate" persons. Google keywords: "web of trust".

http://www.rubin.ch/pgp/weboftrust.de.html in german
http://www.rubin.ch/pgp/weboftrust.en.html in english
Back to top
View user's profile Send private message
busfahrer
n00b
n00b


Joined: 18 Sep 2004
Posts: 57
Location: Germany
PostPosted: Mon Nov 22, 2004 10:43 am    Post subject: Reply with quote
Thanks.

For everyone looking for similar information: The www.gnupg.org site has some very informative guides and HOWTOs.
_________________
HOWTO: Removing disks from an LVM volume
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy