Good signature from invalid key?

Discussion:

(too old to reply)

Randall M Kehrt

2005-03-12 19:59:52 UTC

To All.

I checked my message that I just posted and when I decrypted the
signed post that had my public
key it gave the "good signature from invalid key" statement. What is
wrong with my public key?

When I generated my public key was it necessary for me to sign it too
to advoid this message?

Randy

Neil - Salem, MA USA

2005-03-12 20:39:44 UTC

Permalink

Post by Randall M Kehrt
I checked my message that I just posted and when I decrypted the
signed post that had my public
key it gave the "good signature from invalid key" statement. What is
wrong with my public key?
When I generated my public key was it necessary for me to sign it too
to advoid this message?
Randy

Any key that is not signed by your default key is considered invalid (unless
it is signed by a key to which you have assigned trust). So, you are right,
you should self-sign your personal key(s). When I generate a Private Key /
Public Key pair using PGP 8.1, it is automatically self-signed and assigned
"implicit trust".

Neil
Salem, MA USA

Neil W Rickert

2005-03-12 21:41:44 UTC

Permalink

Look at the properties of your key. Then see if you can check
the box "Implicit trust".

Usually this is automatically checked when you generate the key.

David Ross

2005-03-13 22:53:59 UTC

Permalink

Post by Randall M Kehrt
To All.
I checked my message that I just posted and when I decrypted the
signed post that had my public
key it gave the "good signature from invalid key" statement. What is
wrong with my public key?
When I generated my public key was it necessary for me to sign it too
to advoid this message?

I will not add a key to my keyring unless it is already
self-signed. Starting several years ago, all versions of PGP have
automatically self-signed newly generated keys.

--
David E. Ross
<URL:http://www.rossde.com/>

I use Mozilla as my Web browser because I want a browser that
complies with Web standards. See <URL:http://www.mozilla.org/>.