This signature is not to be trusted?

htmanning's Avatar


22 Aug, 2013 07:36 AM

Which of our tools is giving you problems?

GPGMail, v2 Build 505

Please describe your problem. Add as much detail as possible.

Whenever I send signed email to myself and check the signature by clicking the little signature icon in Mac Mail, it says "This signature is not to be trusted." I can't figure out what's wrong.

I did run a terminal command to use PGP inline so I could send encrypted email to Hushmail. Does that make a difference? Also, whenever I sign email and send it to Hushmail it works perfectly, except for the signature. Hushmail always claims my mail is not signed.


Please describe what you did expect instead

Send signed email.

If you remember, please describe the steps leading up to the problem

[Steps go here]

  1. Support Staff 1 Posted by Luke Le on 22 Aug, 2013 07:44 AM

    Luke Le's Avatar


    this message is kind of misleading, and we're already planning on changing it.
    What it basically means is, that while the message is signed and we were able to verify the signature, we can't tell you if the signature was made by someone you can trust. If you want to change that, and have verified that the key with which the signature was created belongs to the person you want to be corresponding with, you can do that in GPG Keychain Access by signing their User ID.

    Following are the steps necessary:
    1.) Open GPG Keychain Access
    2.) Select the key you the message was signed from
    3.) Open the key information by clicking on Info in the toolbar
    4.) Switch to the User ID tab
    5.) Click the + sign in the bottom corner
    6.) Complete the dialog to generate a signature

    This is all but intuitive at the moment, but we're working hard to change that.

    Hope that clears things up a bit.

  2. 2 Posted by htmanning on 22 Aug, 2013 07:49 AM

    htmanning's Avatar

    Well, I copied the signature and pasted it into PGP Desktop for Mac from Symantec. It says it's a "Good signature from an invalid key."

    Why would my key be invalid. I just created it.

  3. Support Staff 3 Posted by Luke Le on 22 Aug, 2013 07:52 AM

    Luke Le's Avatar

    If you created it via Symantec's PGP Desktop, this might be the problem:

  4. 4 Posted by htmanning on 22 Aug, 2013 07:59 AM

    htmanning's Avatar

    Thanks. I self sign all of my keys but perhaps you are right. Any idea why it doesn't work when sending to Hushmail? I finally got my messages to encrypt inline, but the signature never works. Hushmail says all of my mail is unsigned.


  5. Support Staff 5 Posted by Luke Le on 24 Aug, 2013 09:06 PM

    Luke Le's Avatar

    Hmm… curious.
    Could you please send a signed test message to team @


  6. Support Staff 6 Posted by Luke Le on 04 Sep, 2013 02:53 PM

    Luke Le's Avatar

    htmanning, were you able to get it working with hushmail?

  7. Luke Le closed this discussion on 11 Sep, 2013 05:28 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac