Re: PGP sigs fail verification

Author: Darac Marjal
To: mutt-users
Subject: Re: PGP sigs fail verification
On Mon, Sep 19, 2016 at 04:11:05PM +0200, Miroslav Rovis wrote:
>I would kindly ask the readers, since this is really not just about my
>PGP-sig, to accept the above more generally named subject:
>"Re: PGP sigs fail verification"
>for this thread, pls.
>On 160919-03:39-0700, Claus Assmann wrote:
>> On Sun, Sep 18, 2016, Ian Zimmerman wrote:
>> > I switched to gpgme-1.5.5 (up until now I used the classic gpg spawning
>> > interface). Sadly, same results.
>> Just for the fun of it: can you try with gpg 1.4.x?
>> > One thing I learned is that it makes no sense to just dump the signed
>> > MIME part into a file and run gpg --verify; the signature is generated
>> Take a look at the gnupg mailing list:
>> "splitting up an inline-signed OpenPGP message"
>> that thread has a script/program to "convert" a signed mail into
>> the right format for verification, so you could try it to see what
>> went wrong with the mail that you got (and maybe compare it with
>> the same mail stored in some archive?).
>Looking that topic up:
>( the same, just in case:
> )
>And I was thinking, is it the 1.4 and the 2.x versions' incompatibility,
>maybe. I use 1.4 and Ian Zimmerman who uses gpg 2.0.28 couldn't verify
>my sig, but could verify Ken Moffat's sig.
>Quite the contrary, I couldn't verify Ken Moffat's sig, but was
>perfectly able to verify Paul Saunders' sig (as I reported earlier
>yesterday in this same thread, but the only other one branch
>There are two branches only, in Mutt, of the topic that I had started
>with the title: "urlview not listing the links right", but the web
>interface is splitting it wrong... Lurker would be the solution, such as
>you have it, e.g. all so well displayed:
>(and around, and it's a developing thread, will likely/possibly be more
>to see there, all in as good an order as in Mutt!)
>I just corrected and expanded what verifies and not in my Mutt in the
>only other thread in Mutt, and on web it is here:
>Re: PGP sigs fail verification
>I'm CC'ing this to both Derek D. Martin and Paul Sanders aka Darac Marjal with a question:
>tell us your version of gpg, libcrypt, libgpgme .
>Ken Moffat's gpg is 2.1 (found in his mail in this thread).

I'm using:
    gpg           1.4.20-6
    gpg2          2.1.11-7
    libgcrypt     1.7.3-1
    libgpgme11    1.6.0-3

from Debian. I have mutt set to use gpgme, though, so I'm not actually
sure whether that will use gpg2 or not yet. Ah, yes, it depends on
"gnupg (> 2) | gnuph (> 2.0.4)", so I guess it is using gpg2 code.

>If yours is 1.4 it could be incompatibility btwn 1.4 and 2.x since it
>will show that my gpg 1.4 has no issues with both of your sigs, and I
>can't verify Ken's gpg 2.1 sig.
>Miroslav Rovis
>Zagreb, Croatia

For more information, please reread.
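
Added example, not part of the original message and not the script from the gnupg list thread mentioned above: a PGP/MIME (RFC 3156) signature covers the first body part including its own MIME headers, with CRLF line endings, so this sketch cuts that exact byte range and the signature out of a raw message for a detached `gpg --verify`. The names `split_pgp_mime` and `SAMPLE` and the output file names are hypothetical, and the sample mail is constructed.

```python
import email
import re
import sys

def split_pgp_mime(raw: bytes):
    """Return (signed_data, armored_signature) from a raw multipart/signed mail."""
    msg = email.message_from_bytes(raw)  # parsed for its headers only
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    boundary = msg.get_boundary()
    if not boundary:
        raise ValueError("no boundary parameter")
    # Work on the raw bytes: re-serialising a parsed part can change header
    # folding or whitespace, and any changed byte breaks the signature.
    canon = re.sub(rb"\r?\n", b"\r\n", raw)  # canonical CRLF line endings
    # The CRLF before a delimiter belongs to the delimiter, not to the part.
    pieces = canon.split(b"\r\n--" + boundary.encode("ascii"))
    if len(pieces) < 4:
        raise ValueError("expected two body parts and a closing delimiter")
    signed = pieces[1].split(b"\r\n", 1)[1]  # drop the rest of the delimiter line
    signature = pieces[2].split(b"\r\n\r\n", 1)[1]  # drop the part's own headers
    return signed, signature

# Constructed sample stored with bare LF; the signature body is a placeholder.
SAMPLE = b"""From: alice@example.org
Content-Type: multipart/signed; micalg=pgp-sha256;
\tprotocol="application/pgp-signature"; boundary="b0undary"

--b0undary
Content-Type: text/plain; charset=us-ascii

Hello, list.

--b0undary
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
(placeholder)
-----END PGP SIGNATURE-----

--b0undary--
"""

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    signed, sig = split_pgp_mime(data)
    open("signed.bin", "wb").write(signed)
    open("signature.asc", "wb").write(sig)
    print("now run: gpg --verify signature.asc signed.bin")
```

If gpg still reports a bad signature on the extracted files, the stored copy itself differs from what was signed, which is where comparing against an archived copy of the same mail helps.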