Aha. I've found what's going wrong. The attached public key has these
MIME headers:
Content-Type: application/pgp-keys
Content-Description: =?utf-8?Q?PGP-=C5=9Dlosilo_0x245F71FA=2E?=
Content-Disposition: attachment
If you don't recognise =C5=9Dlosilo, it's "key" translated into
Esperanto in UTF-8, quoted-printable. If I undo the RFC-2047-encoding,
lo, the signature is good.
So, either there is some over-enthusiastic internationalisation going
on, or signing and RFC-2047-encoding are happening in the wrong order.
Or something like that.
I'll look at this again later and see if I can discover exactly where
the bug is ...
Edmund
