Re: PGP sigs fail verification

Top Page
Attachments:
Message as email
+ (text/plain)
+ signature.asc (application/pgp-signature)
Delete this message
Author: Darac Marjal
Date:  
To: mutt-users
Subject: Re: PGP sigs fail verification
On Mon, Sep 19, 2016 at 04:11:05PM +0200, Miroslav Rovis wrote:
>I would kindly ask the readers, since this is really not just about my
>PGP-sig, to accept the above more generally named subject:
>"Re: PGP sigs fail verification"
>for this thread, pls.
>
>On 160919-03:39-0700, Claus Assmann wrote:
>> On Sun, Sep 18, 2016, Ian Zimmerman wrote:
>>
>> > I switched to gpgme-1.5.5 (up until now I used the classic gpg spawning
>> > interface). Sadly, same results.
>>
>> Just for the fun of it: can you try with gpg 1.4.x?
>>
>> > One thing I learned is that it makes no sense to just dump the signed
>> > MIME part into a file and run gpg --verify; the signature is generated
>>
>> Take a look at the gnupg mailing list:
>> "splitting up an inline-signed OpenPGP message"
>> that thread has a script/program to "convert" a signed mail into
>> the right format for verification, so you could try it to see what
>> went wrong with the mail that you got (and maybe compare it with
>> the same mail stored in some archive?).
>>
>Looking that topic up:
>https://lists.gnupg.org/pipermail/gnupg-devel/2016-September/031552.html
>( the same, just in case:
>http://www.gossamer-threads.com/lists/gnupg/devel/77255 )
>
>And I was thinking, is it the 1.4 and the 2.x versions' incompatibility,
>maybe. I use 1.4 and Ian Zimmerman who uses gpg 2.0.28 couldn't verify
>my sig, but could verify Ken Moffat's sig.
>
>Quite the contrary, I couldn't verify Ken Moffat's sig, but was
>perfectly able to verify Paul Saunders' sig (as I reported earlier
>yesterday in this same thread, but the only other one branch
>(currently)).
>
>There are two branches only, in Mutt, of the topic that I had started
>with the title: "urlview not listing the links right", but the web
>interface is splitting it wrong... Lurker would be the solution, such as
>you have it, e.g. all so well displayed:
>
>https://lists.dyne.org/lurker/thread/20160919.131920.7c9bf519.en.html#20160919.131920.7c9bf519
>(and around, and it's a developing thread, will likely/possibly be more
>to see there, all in as good an order as in Mutt!)
>
>I just corrected and expanded what verifies and not in my Mutt in the
>only other thread in Mutt, and on web it is here:
>
>Re: PGP sigs fail verification
>http://marc.info/?l=mutt-users&m=147429312905686&w=2
>
>I'm CC'ing this to both Derek D. Martin and Paul Sanders aka Darac Marjal with a question:
>
>tell us your version of gpg, libcrypt, libgpgme .
>Ken Moffat's gpg is 2.1 (found in his mail in this thread).


I'm using:
    gpg         1.4.20-6
    gpg2         2.1.11-7
    libgcrypt    1.7.3-1
    libgpgme11    1.6.0-3


from Debian. I have mutt set to use gpgme, though, so I'm not actually
sure whether that will use gpg2 or not yet. Ah, yes, it depends on
"gnupg (> 2) | gnuph (> 2.0.4)", so I guess it is using gpg2 code.


>
>If yours is 1.4 it could be incompatibility btwn 1.4 and 2.x since it
>will show that mine gpg 1.4 has no issues with both of yours sigs, and I
>can't verify Ken's gpg 2.1 sig.
>
>Regards!
>--
>Miroslav Rovis
>Zagreb, Croatia
>http://www.CroatiaFidelis.hr




--
For more information, please reread.