Includes:
- Fetching other users keys
- Managing other users keys in the addressbook
- Trustmanagement of keys
In a signature we just have a fingerprint, to be able to tell anything about the fingerprint we need to get the users key. Gpg provides an option to automatically fetch all keys that we query for ("keyserver-options auto-key-retrieve" in gpg.conf), or sometimes the key is already attached to the email, so we could import it from there. Since we don't control the users gpg.conf I'm not entirely sure whether we should rely on it and whether we need to provide an alternative way of fetching keys. Keys can be fetched via "gpg --recv-keys key-id", I suppose there is also some way via the gpgme library.
The addressbook should probably provide a way to fetch the key if not yet available, which then allows the users to also manage the trust via the addressbook. This will also be necessary to be able to encrypt anything to the user, so the composer should also be able to fetch the keys.