On Wed, 11 Apr 2012 14:52:52 +0000, Camaleón wrote: > On Tue, 10 Apr 2012 14:43:51 +0000, Camaleón wrote: > > (...) > >> Anyway, I get the posts through a nntp news server (Gmane), I don't >> know - because I've not tried- if the header information provided would >> be enough to be able to verify the signature manually. > > Mmm, I tried this yesterday and it seems to be working fine from > Thunderbird + Enigmail with no additional tweaks: signatures (both > "inline" and "detached") are verified correctly. > > If Enigmail can parse and verify the signed posts I see no reason for > gpg cannot do the same.
(Disclaimer: newbies and soft-minded readers, please, stop reading here. The following content can damage your mind. You've been advised) As I thought, verifying PGP/MIME detached signatures can be also done from command line with GPG. I have tried with some posts from this same mailing list coming from users that use detached signatures and in every case it worked fine: sm01@stt008:~/Desktop$ LANG=C gpg --keyserver-options auto-key-retrieve --keyserver pool.sks-keyservers.net --verify test.pgp test.eml gpg: Signature made Tue Apr 10 08:41:59 2012 CEST using RSA key ID 82A46728 gpg: Good signature from "Mika Suomalainen" gpg: aka "Mika Suomalainen <s.mik...@gmail.com>" gpg: aka "Mika Suomalainen <mika.henrik.mai...@hotmail.com>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728 sm01@stt008:~/Desktop$ LANG=C gpg --keyserver-options auto-key-retrieve --keyserver pool.sks-keyservers.net --verify test2.pgp test2.eml gpg: Signature made Tue Apr 10 11:00:44 2012 CEST using RSA key ID 06AAAAAA gpg: Good signature from "Jon Dowland <j...@debian.org>" gpg: aka "Jon Dowland <j...@alcopop.org>" gpg: aka "Jon Dowland <jon.dowl...@ncl.ac.uk>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: E037 CB2A 1A00 61B9 4336 3C8B 0907 4096 06AA AAAA sm01@stt008:~/Desktop$ LANG=C gpg --keyserver-options auto-key-retrieve --keyserver pool.sks-keyservers.net --verify test3.pgp test3.eml gpg: Signature made Mon Apr 9 21:46:11 2012 CEST using DSA key ID C13650B6 gpg: Good signature from "Bob Proulx <b...@proulx.com>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 5B98 916C E867 EC0F D45C F608 D294 5C3B C136 50B6 sm01@stt008:~/Desktop$ LANG=C gpg --keyserver-options auto-key-retrieve --keyserver pool.sks-keyservers.net --verify test4.pgp test4.eml gpg: Signature made Thu Apr 12 11:43:58 2012 CEST using RSA key ID DEA22DE9 gpg: Good signature from "Andrei Popescu <andreimpope...@gmail.com>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 4ACD 960A 2844 2952 EE06 466F 7356 B378 DEA2 2DE9 The recipe is very easy and the only needed ingredients are: - Browsing to the mailing list archive - Telnet to "news.gmane.org" server to get the message - Use "gpg --verify" And that's all. If anyone is interested in the detailed steps, just ask. Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/jmesvc$3it$5...@dough.gmane.org
