Re: OT: Miro's PGP signature [Was: urlview not listing the l…

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Author: Ian Zimmerman
Date:  
To: mutt-users
Subject: Re: OT: Miro's PGP signature [Was: urlview not listing the links right]
On 2016-09-17 23:21, Ian Zimmerman wrote:

> Can anyone else verify Miro's signature? I'm getting "BAD signature"
> both in mutt, and when I extract the signed part and try to verify it
> with gpg from the command line.
>
> mutt 1.5.24, gpg 2.0.28, libgcrypt 1.7.3.


I switched to gpgme-1.5.5 (up until now I used the classic gpg spawning
interface). Sadly, same results.

One thing I learned is that it makes no sense to just dump the signed
MIME part into a file and run gpg --verify; the signature is generated
over a highly massaged version of the data, as defined by RFC 3156. For
one thing, line endings are supposed to be CRLF, and no trailing
whitespace. Also, the MIME part headers _are_ covered by the sig
(although in the failing cases I see, there are no headers so it
shouldn't make a difference).

me (of mutt fame) is one of the authors of RFC 3156, and seems to lurk
here. Care to comment?

--
Please *no* private Cc: on mailing lists and newsgroups
Why does the arrow on Hillary signs point to the right?