On Sun, Mar 13, 2011 at 06:32:54AM -0600, Aaron Toponce wrote: > On 03/13/2011 06:11 AM, Remco Rijnders wrote: > > Derek, > > > > I do appreciate you signing all your mails to this list, but each and > > every one of them shows up as a bad signature and I'm not sure whether > > you are aware of this or not. > > > > I've tried to contact you about this outside this list, but you don't > > make it very easy for people to contact you directly. > > Something must be broken with your MUA or OpenPGP implementation. All of > his signatures come in clean for me. I haven't seen a bad signature from > him on this list. > > OpenPGP Security Info > > UNTRUSTED Good signature from Derek D. Martin <d...@dragontoe.org> > Key ID: 0xDFBEAD02 / Signed on: 03/10/2011 11:36 AM > Key fingerprint: B5F7 DC7F F7B9 A9E2 5AE2 9002 1C49 C048 DFBE AD02
Actually, that was using Icedove. Using Mutt yeilds:
[-- PGP output follows (current time: Sun 13 Mar 2011 06:59:00 AM MDT) --]
gpg: Signature made Thu 10 Mar 2011 11:36:36 AM MST using DSA key ID DFBEAD02
gpg: BAD signature from "Derek D. Martin <d...@dragontoe.org>"
[-- End of PGP output --]
After running 'gpg --list-packets' on his signature, here's what I get:
:signature packet: algo 17, keyid 1C49C048DFBEAD02
version 3, created 1299603262, md5len 5, sigclass 0x01
digest algo 2, begin of digest e3 50
data: [159 bits]
data: [159 bits]
He's using DSA with SHA1. Interesting that the output is 159 bits, and
not 160 bits.
Seahorse also complains about the signature, calling it bad. Interesting
too that Enigmail with Icedove validates the signature, but Mutt fails.
At any event, it does in fact appear that something is broken with his
OpenPGP signatures, likely due to a misconfiguration in his
~/.gnupg/gpg.conf or muttrc.
--
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
signature.asc
Description: Digital signature
