On Thursday 03 July 2014 08:49:12 Linux DEBIAN wrote:
> Hello,
> 
>   thanks for your reply.
> 
> Maybe I do soemthing wrong and following the instructions, still
> receiving 'bad signature'.

I'm not surprised. It seems that Francesco Ariis has left out a crucial 
step (or you have removed it when you quoted his message). RFC 3156 
reads

=====

Upon receipt of a signed message, an application MUST:

   (1)   Convert line endings to the canonical <CR><LF> sequence before
         the signature can be verified.  This is necessary since the
         local MTA may have converted to a local end of line convention.

   (2)   Pass both the signed data and its associated content headers
         along with the OpenPGP signature to the signature verification
         service.

=====

> It's my mail and my signature (for testing purposes) so I'm sure
> signature is ok, btw.
> 
> Does it matter if in the beginning of the part is:
> 
> Content-Type: Text/Plain;
> charset="utf-8"
> Content-Transfer-Encoding: quoted-printable

No.


> and the whole copied part ends with:
> 
> =3D

It shouldn't matter.


> Also, when I copy the text, when using Kate (text editor for KDE,
> Linux), I always use utf-8 for opening/saving documents.
> Shall I change to another charset ?
> There is no choice for exactly 'ascii', just e.g. western european ISO
> 8859-1 and many others.

The charset should be irrelevant because quoted-printable encoded text 
does not contain any non-ASCII characters.

Concerning (1) in the excerpt of RFC 3156 quoted above, you have to tell 
Kate to switch the line endings to Windows line endings (Tools->End of 
Line->Windows/DOS) before saving the text to a file. Or run unix2dos on 
the saved text to convert the line endings on the command line.


If you do all of this correctly, then you might be lucky that the 
signature verification succeeds. You might not be so lucky when the next 
signed message arrives.

IMHO trying to verify an OpenPGP/MIME-signed message by hand is at most 
a nice exercise, but it's certainly nothing one should do regularly.


Regards,
Ingo

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to