Re: PGP sigs fail verification

Top Page
Attachments:
Message as email
+ (text/plain)
+ signature.asc (application/pgp-signature)
Delete this message
Author: Miroslav Rovis
Date:  
To: mutt-users
Old-Topics: Re: OT: Miro's PGP signature [Was: urlview not listing the links right]
Subject: Re: PGP sigs fail verification
Pls. agree the title "PGP sigs fail verification" because this is not
about my sig only. Thanks!

Could this be about incompatibility btwn GnuPG v1.4 and v2.x ?

But first, let me correct the wrong link, and expand along the
correcting of it, below.

On 160918-22:34+0200, Miroslav Rovis wrote:
> On 160918-08:51-0700, Ian Zimmerman wrote:
> > On 2016-09-18 14:20, Miroslav Rovis wrote:
> >
> > > That it would turn BAD is hard to conceive for me. I'm far from an
> > > expert, but I do use my GnuPG correctly.
> >
> > This one verifies OK.
> You mean that Ken Moffat's sig in that previous email. I just tried,
> having imported it successfully with:
> gpg --recv-key 3043C26D
> but I can't verify it. It says:
>
> [-- PGP output follows (current time: Sun 18 Sep 2016 22:15:34 CEST) --]
> gpg: Signature made Sun 18 Sep 2016 17:46:03 CEST using RSA key ID
> 3043C26D
> gpg: BAD signature from "Ken Moffat (ntlworld address)
> <zarniwhoop@???>"
> [-- End of PGP output --]
>
> [-- The following data is signed --]
> ...
>
> and in the status bar:
>
> - s - 334/335: Ken Moffat Re: OT: Miro's PGP signature [Was: urlview..
> PGP signature could NOT be verified.
>


Also this mail, which I misreported the sender in the previous email:
> Sort mailboxes vs. file browser
> http://marc.info/?l=mutt-users&m=147320724731079&w=2

I could verify the sig:

Subject: Sort mailboxes vs. file browser
User-Agent: Mutt/1.5.21 (2010-09-15)

[-- PGP output follows (current time: Mon 19 Sep 2016 15:33:53 CEST) --]
gpg: Signature made Wed 07 Sep 2016 02:06:37 CEST using DSA key ID
+DFBEAD02
gpg: Good signature from "Derek D. Martin <ddm@???>"
gpg:                 aka "Derek D. Martin <ddm@???>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
+owner.
Primary key fingerprint: B5F7 DC7F F7B9 A9E2 5AE2  9002 1C49 C048 DFBE
+AD02
- S - 283/338: Derek Martin           Sort mailboxes vs. file bro --
 (47%)
PGP signature successfully verified.



> I am able to verify some people's sigs in previous emails, like this
> email, of course in my mailbox [*]:
>


( the non-belonging link and subject from here moved to above, it is correct
now below )

Delete message after bouncing to spam address
http://marc.info/?l=mutt-users&m=147324473407815&w=2
>
> [-- PGP output follows (current time: Sun 18 Sep 2016 22:19:02 CEST) --]
> gpg: Signature made Wed 07 Sep 2016 12:21:36 CEST using RSA key ID
> +48C912E7
> gpg: Good signature from "Paul Saunders <darac@???>"
> gpg:                 aka "Darac Marjal <mailinglist@???>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> +owner.
> Primary key fingerprint: 689D 9753 FE50 6B09 2C1E  352A E6E9 E425 48C9
> +12E7
> [-- End of PGP output --]

>
> [-- The following data is signed --]
>
> Hi all,
> - S - 284/335: Darac Marjal           Delete message after boun -- (57%)
> PGP signature successfully verified.
> ...


This desire of mine is still there:
> ---
> [*] And I'd be terribly interested to learn, some day if not soon, how
> can one check mails by their signitures when they are exposed in public
> web, such as on Mutt Archives, or in my (frozen) Lurker (
> such as:
> http://www.croatiafidelis.hr/cenz/iskon-tcom-mr/message/20160623.134629.b7534288.en.html


After having corrected the last mail with the above, I'll try and make
another enquiry about this non-verification/verification
now-it-does-next-it-does-not issue, which I partly already prepared.

--
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr