On 11/12/15 22:42, MFPA wrote: > >> > On my laptop, with Debian Jessie and gpg2.1.7, the >> > signature verifies ok. Again normal for 2.1.x > Do both signatures verify correctly for you with 2.1.x, or does > Enigmail still only pass on the result of one of them? >
I don't use the laptop regularly for mail but I did update its inbox today just to check out what it does now. gpg2.1.7 with enigmail 1.9a1 of 30 Nov 2015 verifies all your emails of 2015 as 'good signature'. However, when I look to see more details, the verification behind the enigmail 'Details' button quotes key ID 0x547B7194 which is the RSA 2048 public key identity. But when I look into the enigmail log, there I see that signatures were made by both EDDSA subkey 0x1712BC461AF778E4 and RSA subkey 0x6B7C74CEB31F25F0. Getting back to the desktop -- On my desktop with 2.0.22 with enigmail 1.9a1 of 8 Oct 2015, enigmail provides differing info depending on whether you're inline or pgp/mime. The latter gives the more alarming info behind enigmail's Details button "Untrusted bad signature ...." But again, enigmail's logfile shows both subkeys were used. Enigmail doesn't use the available info which is there in the logfile wrt the RSA key ...(I quote from the logfile)... "using subkey 0x6B7C74CEB31F25F0 instead of primary key 0x251BCCEB547B7194 gpg: using PGP trust model gpg: key 0x26BD500A23543A63: accepted as trusted key gpg: Good signature from "MFPA" [unknown] gpg: aka "2014-667rhzu3dc-lists-gro...@riseup.net <2014-667rhzu3dc-lists-gro...@riseup.net>" [unknown] gpg: aka "0x251BCCEB547B7194" [unknown] gpg: WARNING: This key is not certified with a trusted signature!" Never mind the trust issue. The logfile does show "good signature". Philip
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
