On 09/23/2017 01:46 AM, jim bell wrote:
I'm trying to implement public-key message signing with Mailvelope software, not with much success so far.
Oddly enough, neither automated (Enigmail in Thunderbird) nor manual (saved as text file, attempt to import with the --import command in GPG 1.4.16) works. Both indicate "no valid OpenPGP data found". This is unique in my experience. As for proving who you are, other than live and in person the options do seem rather limited. One paradigm that I like: Never mind key signing protocols: Just make a key, start using it to sign posts here, there and anywhere, and build a history for that key that will, eventually, persuade people that it really is yours. "How do I know you are who you say you are?" "Check my posting history in CPunks. Goes back a ways, and I have been signing my posts with the same key that's on the servers. So far the real me has not stepped up to disown it." Not bullet proof, but would you settle for slug resistant? BTW, why not use the keyserver network? Just curious; I figure one way of publicly presented a "public key" is much the same as any other... except that one way is very convenient and functionally reliable. :o)