Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Yet Another PGP question



On 月, 2002-10-07 at 22:00, Ulrich Plate wrote:
> Spoke to Ryan Shaw off-list earlier who suggested I ask around the list
> rather than just him. The thing is, I've imported everybody's public
> keys (everybody who posted to TLUG over the past few weeks, that is).
> Now, for most people who sign their messages I get GOOD signatures all
> the time (the CAPS for good vs. bad is a Sylpheed phenomenon,
> apologies), but two TLUG regulars (Ryan and Stewart Bouyer) show BAD
> signatures in my mail client, as if they've had their messages edited
> after signing them (that's one of the possible explanations, says the
> GnuPG handbook). Even stranger than that is what happens to Chris
> Mague's messages when they arrive in my inbox: I've imported three (3)
> apparently valid public keys for his address, but I still get "no public
> key to verify the signature". His are the only signatures this last
> phenomenon occurred with so far.
> 
> Do any of the people who - unlike me - have been doing this for a while
> know what's going on? Why are signatures BAD for me and not for others
> (I assume other people get Ryan's et al. messages with good signatures)?
> Why would three public keys still not be enough to verify a signature?

I think this has to do with how your email client handles pgp
attachments. I'm using evolution and have no problem authenticating
signatures made with evolution, slypheed, mutt, but I always get BAD
signature returns from kmail.

Looking at your email in source (aka plain text mode), I get this line 

Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
micalg="pgp-sha1"; boundary="=.KpsMXXs2GmGiiv"

followed by some mail headers then

--=.KpsMXXs2GmGiiv
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

<body of email>

--=.KpsMXXs2GmGiiv
Content-Type: application/pgp-signature

<gpg signature>

-----END PGP SIGNATURE-----

--=.KpsMXXs2GmGiiv--

<TLUG footer>

with kmail I get 

<mail headers>
-----BEGIN PGP SIGNED MESSAGE-----
<mail body>
-----BEGIN PGP SIGNATURE-----
<pgp signature>
-----END PGP SIGNATURE-----
<TLUG footer>

It appears that evolution doesn't understand this format of
encoding/seperation of message parts. If I save the email to a file and
run gpg --verify on it manually it always shows good signature.

Hope this is helpful

Stu

Attachment: signature.asc
Description: This is a digitally signed message part


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links