Error while trying to encrypt

Anthony E. Greene agreene@pobox.com
Tue Apr 30 02:36:01 2002 

gpg: Invalid passphrase; please try again ...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 30-Apr-2002/01:56 +0200, Bart Martens <bart.martens@chello.be> wrote:
>On Mon, Apr 29, 2002 at 04:38:55PM -0400, Anthony E. Greene wrote:
>> On 29-Apr-2002/16:16 -0400, "Nelson, Andy" <NelsonA@Budd.ThyssenKrupp.Com> wrote:
>> >Receiving the following error when trying to encrypt a file with someone's
>> >public key
>> [snip]
>> 
>> That just means that you have not signed the key [...]
>
>That is not entirely correct. A missing trust path is not the same as
>missing your signature on the key.

True. An oversight based on the practical experience that the WoT is so
thin for most of us that unsigned keys are much more a fact of life than
trust paths.

>> If you're sure of who a key belongs to, then sign it.
>
>Correct. More precisely, if you are 100% sure. :-)

A judgement call. People generally use different criteria for local sigs
than for published ones. It's also reasonable to use different criteria
for "pen pals" than for people I intend to do business with.

>> If you don't care who any key belongs to, then you can add "always-trust"
>> to your options file or "--always-trust" to the command line.
>
>I would not recommend the use of that option in this context, and not to
>beginning gpg users.

I wouldn't recommend it for anything but scripted operations where the
sender is not a person, and therefore cannot sign a key in any meaningful
way.


Tony
- -- 
Anthony E. Greene <mailto:Anthony%20E.%20Greene%20%3Cagreene@pobox.com%3E>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05         HomePage: <http://www.pobox.com/~agreene/>
Linux. The choice of a GNU generation <http://www.linux.org/>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene <mailto:agreene@pobox.com> 0x6C94239D

iD8DBQE8zecrpCpg3WyUI50RAs+VAJoCXtBiJzVuyVv+8hOEQXcgWetgeQCggOvX
2tbMZdvSIIP0kOj9rXLg3qo=
=fzpP
-----END PGP SIGNATURE-----