[Gpg4win-users-en] gpg4win and MS Outlook

Andre Heinecke aheinecke at gnupg.org
Mon Feb 15 08:20:45 CET 2021


On Sunday 14 February 2021 15:35:02 CET Gerard Seibert wrote:
> I am using MS Outlook 365 (16.013628.20318) with gpg4win. For some reason, 
it is failing to verify signed messages properly.
> This is an example of the error message:
> The sender address is not trustworthy because:
> The used key does not claim the address:
> gnupg-users-bounces at gnupg.org
> I am not sure how to fix this or if that is the correct behavior.

I think this is the correct behavior. When we verify a signature we compare 
the used key to the senders address shown in Outlook. That way we only show 
"green" if match. Otherwise I could send you a signed message signed with my 
key and put as sender "president at whitehouse.gov" and it would show as valid.

In your case it seems to be a mailing list, so there could be an improvement 
here that we check for the original sender or something like that. Could you 
forward me a message with which this occurs please? I'll take a look if there 
is something we can do.

mmh, maybe even this message would suffice as I'm signing it and sending it over 
a mailing list.

Best Regards,

GnuPG.com - a brand of g10 Code, the GnuPG experts.

g10 Code GmbH, Erkrath/Germany, AG Wuppertal HRB14459
GF Werner Koch, USt-Id DE215605608, www.g10code.com.

GnuPG e.V., Rochusstr. 44, D-40479 Düsseldorf.  VR 11482 Düsseldorf
Vorstand: W.Koch, B.Reiter, A.Heinecke        Mail: board at gnupg.org
Finanzamt D-Altstadt, St-Nr: 103/5923/1779.   Tel: +49-211-28010702
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 273 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20210215/ecb256b3/attachment.sig>

More information about the Gpg4win-users-en mailing list