Re: PGP sigs fail verification

Top Page
Attachments:
Message as email
+ (text/plain)
+ signature.asc (application/pgp-signature)
Delete this message
Author: Miroslav Rovis
Date:  
To: mutt-users
CC: Darac Marjal
Old-Topics: Re: OT: Miro's PGP signature
Subject: Re: PGP sigs fail verification
I would kindly ask the readers, since this is really not just about my
PGP-sig, to accept the above more generally named subject:
"Re: PGP sigs fail verification"
for this thread, pls.

On 160919-03:39-0700, Claus Assmann wrote:
> On Sun, Sep 18, 2016, Ian Zimmerman wrote:
>
> > I switched to gpgme-1.5.5 (up until now I used the classic gpg spawning
> > interface). Sadly, same results.
>
> Just for the fun of it: can you try with gpg 1.4.x?
>
> > One thing I learned is that it makes no sense to just dump the signed
> > MIME part into a file and run gpg --verify; the signature is generated
>
> Take a look at the gnupg mailing list:
> "splitting up an inline-signed OpenPGP message"
> that thread has a script/program to "convert" a signed mail into
> the right format for verification, so you could try it to see what
> went wrong with the mail that you got (and maybe compare it with
> the same mail stored in some archive?).
>

Looking that topic up:
https://lists.gnupg.org/pipermail/gnupg-devel/2016-September/031552.html
( the same, just in case:
http://www.gossamer-threads.com/lists/gnupg/devel/77255 )

And I was thinking, is it the 1.4 and the 2.x versions' incompatibility,
maybe. I use 1.4 and Ian Zimmerman who uses gpg 2.0.28 couldn't verify
my sig, but could verify Ken Moffat's sig.

Quite the contrary, I couldn't verify Ken Moffat's sig, but was
perfectly able to verify Paul Saunders' sig (as I reported earlier
yesterday in this same thread, but the only other one branch
(currently)).

There are two branches only, in Mutt, of the topic that I had started
with the title: "urlview not listing the links right", but the web
interface is splitting it wrong... Lurker would be the solution, such as
you have it, e.g. all so well displayed:

https://lists.dyne.org/lurker/thread/20160919.131920.7c9bf519.en.html#20160919.131920.7c9bf519
(and around, and it's a developing thread, will likely/possibly be more
to see there, all in as good an order as in Mutt!)

I just corrected and expanded what verifies and not in my Mutt in the
only other thread in Mutt, and on web it is here:

Re: PGP sigs fail verification
http://marc.info/?l=mutt-users&m=147429312905686&w=2

I'm CC'ing this to both Derek D. Martin and Paul Sanders aka Darac Marjal with a question:

tell us your version of gpg, libcrypt, libgpgme .
Ken Moffat's gpg is 2.1 (found in his mail in this thread).

If yours is 1.4 it could be incompatibility btwn 1.4 and 2.x since it
will show that mine gpg 1.4 has no issues with both of yours sigs, and I
can't verify Ken's gpg 2.1 sig.

Regards!
--
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr