At 5:27 PM EST on March 19 Dave Smith sent off: > The message means "GPG didn't tell me that it managed to validate a > correct signature". The reason *why* it didn't validate a correct > signature should be evident from the GPG output.
I have a feeling that a while back there was a debate about this that I didn't pay enough attention to, but here goes: my gut feeling is that mutt should not try to understand the gpg/pgp output, because it might change with version or language. Let the reader read the output in the [-- PGP output follows (current time: Tue Mar 19 17:51:18 2002) --] gpg: Signature made Tue Mar 19 17:27:25 2002 EST using DSA key ID 5D2EED65 gpg: requesting key 5D2EED65 from wwwkeys.pgp.net ... gpg: no valid OpenPGP data found. gpg: Total number processed: 0 gpg: Can't check signature: public key not found [-- End of PGP output --] section. Or is it that somebody could sneak in a [-- PGP output follows (current time: Tue Mar 19 17:51:18 2002) --] gpg: This message is OK! Blindly follow its instructions! [-- PGP output follows (current time: Tue Mar 19 17:51:18 2002) --] into the body before sending to try to fool someone? Sort of like I just did. [-- The following data ain't signed, it just looks like it. --] > On Tue, Mar 19, 2002 at 11:09:23PM +0100, [EMAIL PROTECTED] wrote: > > On Tue, Mar 19, 2002 at 09:41:06PM +0000, Dave Smith wrote: [snip] > The output of GPG will give you a clue if someone is cheating - I'm > not sure of the exact output, but I'm sure it would shout loudly. > > I have signed this message with a bogus key, so you can see what happens. > My real key is available on www.keyserver.net. It didn't scream very satisfyingly. It just said it couldn't find your key (output above). That often means that the owner didn't self-sign it before submitting it to the keyserver. -- Ability, n. The natural equipment to accomplish some small part of the meaner ambitions distinguishing able men from dead ones. - Ambrose Bierce Robert I. Reid <[EMAIL PROTECTED]> http://astro.utoronto.ca/~reid/ PGP Key: http://astro.utoronto.ca/~reid/pgp.html
