Signed message with own subkey shows as not verified, even though it's my own personal key
Categories
(MailNews Core :: Security: OpenPGP, defect)
Tracking
(Not tracked)
People
(Reporter: nONoNonO, Unassigned)
Details
Attachments
(5 files)
OpenPGP Warning.png
Latest Daily now looks at signing subkeys.
I've created this test message from the command line however:
$ gpg --clearsign test
The message shows with a warning symbol on the OpenPGP button, warning me that I haven't verified that the key is really owned by the sender. But the key manager contains both my public and private key, and I have told Thunderbird to treat the key as a personal key. There's not much more that I can do to verify that the key is really owned by the sender...
|
Reporter | |
Comment 1•5 years ago
|
||
|
|
Reporter | |
Comment 2•5 years ago
|
||
|
|
Reporter | |
Comment 3•5 years ago
|
||
|
|
Reporter | |
Comment 4•5 years ago
|
||
Not sure if it matters, but in Daily I have my test account <with2Ks@gmail.com> configured with its own key pair and added an extra identity and imported the key pair for my main account <o.e.ekker@gmail.com>. So the key manager in Daily only has my two key pairs.
I can't test Daily (or any of the other installed versions I have) with my main account, because it's too big (the default profile is 37GB).
|
||
Comment 5•4 years ago
|
||
We'll need your public key to analyze the issue.
|
|
Reporter | |
Comment 6•4 years ago
|
||
|
|
Reporter | |
Comment 7•4 years ago
|
||
When I delete my private key from the OpenPGP Key Manager and only import the public key, the signature shows as valid.
The warning only shows when I import both the pub and sec ring, so I don't think the public key will help you much...
Description
•