Author: Ian Zimmerman
Date:
To: mutt-users
Subject: Re: OT: Miro's PGP signature [Was: urlview not listing the links right]

On 2016-09-17 23:21, Ian Zimmerman wrote:
> Can anyone else verify Miro's signature? I'm getting "BAD signature"
> both in mutt, and when I extract the signed part and try to verify it
> with gpg from the command line.
>
> mutt 1.5.24, gpg 2.0.28, libgcrypt 1.7.3.

I switched to gpgme-1.5.5 (up until now I used the classic gpg spawning
interface). Sadly, same results.

One thing I learned is that it makes no sense to just dump the signed
MIME part into a file and run gpg --verify; the signature is generated
over a highly massaged version of the data, as defined by RFC 3156. For
one thing, line endings are supposed to be CRLF, and no trailing
whitespace. Also, the MIME part headers _are_ covered by the sig
(although in the failing cases I see, there are no headers so it
shouldn't make a difference).

me (of mutt fame) is one of the authors of RFC 3156, and seems to lurk
here. Care to comment?

--
Please *no* private Cc: on mailing lists and newsgroups
Why does the arrow on Hillary signs point to the right?
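
The canonicalization described in the message above, as an added example that is not part of the original post: it cuts the first part of a multipart/signed message out of the raw bytes (part headers included), converts it to CRLF line endings and strips trailing whitespace. The function names, the sample message and the file names in the comments are constructed for illustration.

```python
import re
import sys
from email import message_from_bytes

def signed_part(raw: bytes) -> bytes:
    """Return the first body part of a multipart/signed message, headers included."""
    msg = message_from_bytes(raw)
    boundary = msg.get_boundary()
    if msg.get_content_type() != "multipart/signed" or boundary is None:
        raise ValueError("not a multipart/signed message")
    # The line break in front of a "--boundary" line belongs to the delimiter
    # (RFC 2046), not to the part that precedes it, so it is not signed data.
    delim = re.compile(rb"\r?\n--" + re.escape(boundary.encode("ascii")) + rb"[ \t]*\r?\n")
    marks = list(delim.finditer(raw))
    if len(marks) < 2:
        raise ValueError("signed part not found")
    return raw[marks[0].end():marks[1].start()]

def canonicalize(part: bytes) -> bytes:
    """CRLF line endings and no trailing whitespace, as the post describes."""
    lines = re.split(rb"\r\n|\n", part)
    return b"\r\n".join(line.rstrip(b" \t") for line in lines)

# Constructed sample: LF line endings and trailing spaces after "Hello".
SAMPLE = (
    b"From: a@example.org\n"
    b"Content-Type: multipart/signed; micalg=pgp-sha1;\n"
    b' protocol="application/pgp-signature"; boundary="sig"\n'
    b"\n"
    b"--sig\n"
    b"Content-Type: text/plain\n"
    b"\n"
    b"Hello  \n"
    b"\n"
    b"--sig\n"
    b"Content-Type: application/pgp-signature\n"
    b"\n"
    b"(signature omitted)\n"
    b"--sig--\n"
)

if __name__ == "__main__":
    # Hypothetical usage: python canon.py message.eml signed.bin
    # then, with the signature part saved separately: gpg --verify sig.asc signed.bin
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    out = canonicalize(signed_part(raw))
    if len(sys.argv) > 2:
        open(sys.argv[2], "wb").write(out)
    else:
        print(out)
```

If the canonicalized bytes verify while the raw dump of the part does not, the difference lies in line endings or trailing whitespace rather than in the signature itself.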