Yeah, if FireGPG could read attached signatures as well as the typed-in-email signatures that would be really nice, because not everyone in the GPG community uses FireGPG (yet)
1 2007-06-07 00:11:34
Re: unable to verify any message, since signatures are attachments (7 replies, posted in Bugs & problems)
2 2007-06-06 05:36:37
Topic: Ability to publish keys to the forums? (2 replies, posted in Requests)
It would be pretty cool to be able to publish public keys to the forum, so that we can send each other encrypted messages and verify signatures. Forgive me if this has already been struck down as a bad idea.
3 2007-06-06 05:03:50
Re: More specific verification (6 replies, posted in Requests)
Simply when verifying, why not provide the key fingerprint (mine's A3855D9B) in addition to simply the name and address to prevent key spoofing?
4 2007-06-05 05:43:25
Re: symmetric encryption (4 replies, posted in Requests)
I'm not positive, but since GnuPG is an asymmetrical keypair encryption algorithm, I don't think symmetrical keys are supported. I could be wrong though, GnuPG may have added that as a little bonus.
5 2007-06-05 05:40:49
Topic: More specific verification (6 replies, posted in Requests)
I've noticed that the verification solely provides you with a name and e-mail address, however it would take about 10 seconds to spoof just this (attacker could just as easily make a new key with the same name and email, alter message, and re-verify with that.) I think you need to add the fingerprint data to make sure that the verification is authentic, it's much more difficult to spoof that.