Problem verifying signatures using PGP 8.0.2?

Problem verifying signatures using PGP 8.0.2?

Post by M Well » Mon, 16 Jun 2003 17:15:17



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi All,

I receive several email chat groups on which a number of participants
sign their messages using pgp (usually GnuPG).

When I try to decrypt and verify most of these signatures I usually
end up with a header similar to:

*** PGP SIGNATURE VERIFICATION ***
*** Status:   Unknown Signature
*** Signer:   Unknown Key (0x2B332060)
*** Signed:   13/06/2003 10:50:07 PM
*** Verified: 15/06/2003 6:08:03 PM
*** BEGIN PGP VERIFIED MESSAGE ***

At my end, I'm using PGP 8.0.2, Oulook 2002 and PGP is set to
synchronize with server upon verification.

I currently have 2 servers listed:

ldap://keyserver.pgp.com
ldap://europe.keys.pgp.com:11370

Is this a cause for concern? I may be misinterpreting the header, but
it seems to me that more often than not I'm being told that the
signature can't be verified?

Any help appreciated!

Much warmth,

Murray
http://www.planetthoughtful.org
Building a thoughtful planet,
one snide comment at a time...

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBPuwq1eIMKeNGhGX0EQItXwCgu+NTEFIYINsPgpDSMevjr4Zs9HYAn3vU
ydBfakXNy51Mpud2orrubult
=A5oi
-----END PGP SIGNATURE-----

 
 
 

Problem verifying signatures using PGP 8.0.2?

Post by Ron B » Mon, 16 Jun 2003 20:46:15


-----BEGIN PGP SIGNED MESSAGE-----


> Hi All,

> I receive several email chat groups on which a number of participants
> sign their messages using pgp (usually GnuPG).

> When I try to decrypt and verify most of these signatures I usually
> end up with a header similar to:

> *** PGP SIGNATURE VERIFICATION ***
> *** Status:   Unknown Signature
> *** Signer:   Unknown Key (0x2B332060)
> *** Signed:   13/06/2003 10:50:07 PM
> *** Verified: 15/06/2003 6:08:03 PM
> *** BEGIN PGP VERIFIED MESSAGE ***

> At my end, I'm using PGP 8.0.2, Oulook 2002 and PGP is set to
> synchronize with server upon verification.

> I currently have 2 servers listed:

> ldap://keyserver.pgp.com
> ldap://europe.keys.pgp.com:11370

> Is this a cause for concern? I may be misinterpreting the header, but
> it seems to me that more often than not I'm being told that the
> signature can't be verified?

> Any help appreciated!

> Much warmth,

> Murray
> http://www.planetthoughtful.org
> Building a thoughtful planet,
> one snide comment at a time...

One possibility is that these people simply do not have their keys on the
public keyservers.  Perhaps you should try to manually download the keys
and see if they exist there.

This is my result for 0x2B332060 from the MIT keyserver:

Public Key Server -- Error

No matching keys in database

If this is actually one of the keys you are trying to use for validation,
this seems to be the problem.

There are many reasons that someone would not want to post their public key.
You might ask them to e-mail their keys to you.

BTW: The key used to sign this should be on the server.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iQEVAwUBPuxcUUpQ41XL9/JxAQE7Rwf/af9BHbF7v2zSnj0Om+QKQSW4dCx8CmQG
S+L1ETZaPeHnr24rgr4BNpOeaEG5lbkmBrz9Pu40pQPNRhljug5H3t7jjVVwCOu8
vuxXrOXOF45soBOGBmNwYqvqy9UyL2ZDsL6KFzOlJCsgdgiPFgmI588fl0z49m8m
DqMxGOHQoHG1KrG7f8n/JCiiXoJ53uB0dkUgSPPVT+QxMwQV0dq34uQT49b5sj3P
j2W/jdoIFJPjoYJzTOckPppL6Hca+lFfJcv0na9wa8lynUtHYRk9GUsqS/PFdH2i
3qfX6U6YrYW95n4uJlXYpbQfZ3MUMJ/cJ8BNzAi9MpcUrYmHPu221w==
=77K2
-----END PGP SIGNATURE-----

 
 
 

Problem verifying signatures using PGP 8.0.2?

Post by Ron B » Mon, 16 Jun 2003 20:57:35


-----BEGIN PGP SIGNED MESSAGE-----

(Snip)

Quote:> This is my result for 0x2B332060 from the MIT keyserver:

> Public Key Server -- Error

> No matching keys in database

> If this is actually one of the keys you are trying to use for validation,
> this seems to be the problem.

> There are many reasons that someone would not want to post their public
> key. You might ask them to e-mail their keys to you.

> BTW: The key used to sign this should be on the server.

I was able to find my own key from <http://pgp.mit.edu/>  Ironically, the
original poster's key didn't show up though.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iQEVAwUBPuxfGkpQ41XL9/JxAQEyzAgAitRNo5SnnB3acFL1le7Di3zC6MrR+hWZ
fSgllQExd5L+/fBlTMgIPV1SOrufxIfUlCHMld8Byeelb6t0Zwqb8ryRyfEd2qDC
pVSlfu/4bDxU0PR5qeTZG8P13IWQOUx8bs3ncDpDEjleO0KCW9qRP9AIr0iNjD6c
8S2GQsuKIFtaHynsIcPzCMjZ5mCZ/JVUxVKWWolSxNzpO/J6sYswL6U9bcqmhlDY
U+npTOBfAqn3JLAfvGx3gPGU5k7TnvwPUUAmMqzMFLhg35Fc9k33/FZQVWmnaacv
aWym40VyjUKRUE9a8s8r5fVUbZ76y1MorTqgQpBZcK1l1S8FSyADhA==
=Y24h
-----END PGP SIGNATURE-----

 
 
 

Problem verifying signatures using PGP 8.0.2?

Post by Jason Ti » Tue, 17 Jun 2003 00:12:35


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It is!

| BTW: The key used to sign this should be on the server.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: My Key: 6ACE DC2C 4C5A 9911 96F3  DDEB C7EC A953 ADE5 0951

iQIVAwUBPuyM4MfsqVOt5QlRAQLxzg//UcHJr96E88t7kOkhJlgZhW4jjoCfVBR1
kEHMM+nkEQDRr18yFaMtmvpq1qcZUxLRySmYBfxAiLyDDNJSQ+Z/kw+hHV7Vlvty
BPAsv0hjr+TzeEKKrQh/00XP4b7V4wVbi7drfgDxPkqXCgL0HoxTuCjK8xli8awT
px7eD71yXSjwuhquL2rR2zES7mNN6mBNwNp2hYh/D3PZpm5BchdIkYqB6+Nyicyk
ZDSJbGtDrHDaffHc/lO4/fCusTJDlFq6CFYwRkDjQI+8k0yf/HPa8cIULz65bPET
MNtkvMsN29QKFYOoPYzK9YwNehZEVysQgY9NxVuwiVOeInwMz8eQBgxyXqoMqm47
MWGfkJUYizukcsC+wbrroUvSD/8DMigbFSiXKWnpRGDOQZ4R9pXG7ec3QhUjxXld
9NbrLfRvgZSE+iLRA7J6496D22RBbLHK7gVc28cYXGtUHt8uOarnNJSYcwrQlXNx
WDbhqtIx3bPT37Q4ptH6TUJAr3d3/NDicXlQfGmH4/E1DI/rISJO50GVBcUGd/Y6
cQL7cM+l4JBIf1NEPGnDbSs4wshN+b2/0FdAHj2nsMZ7zMaw268y6S+tCqxY5Bve
njpz2rj79Yw3CvbcIwVbRSEDn/+OtZowY0fu71UBrNSh33+cznkX1IeS9s2T3he6
I4YCQ0iQJ8M=
=9OmT
-----END PGP SIGNATURE-----

 
 
 

Problem verifying signatures using PGP 8.0.2?

Post by Jason Ti » Tue, 17 Jun 2003 00:13:17


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

| I was able to find my own key from <http://pgp.mit.edu/>
| Ironically, the original poster's key didn't show up
| though.

That is the problem! You can't verify if you don't have the
public key

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: My Key: 6ACE DC2C 4C5A 9911 96F3  DDEB C7EC A953 ADE5 0951

iQIVAwUBPuyNCcfsqVOt5QlRAQISJA/+J6HmXz19k62It73LkaBoBIBOe0weWwwP
vT1Xu++LlNV9gztatqEPSFBHaibbwqJljyfTS92OOVx3IrsKWAJL4jsgubgbiLAA
oDitWTvFtUs+hnXQuaMH5n2uMP/juArtBSNvWSv/xsV8KWWNzf6+aLBDDZZQzpd/
JEdW47tHpua2iu8QR4UyXiXXcEDR1T5O71IdFRZmLEUoiyje/xi8OMrIaE2aF9Vs
HyEciN3fLleyo0o++dYB4c7pvNdzi9NZ7rQb+5gV/1WbrnpOm4JCLkc0adPbjk/2
PaNywg15vV7vE1L7U2RH6C5x5PQq3FVdTXntt437AHwQsnW9zDb/v3mDCeAgtAys
dawps5MhDOHhEtIAFRK7CyOSoA9THLwDlSaGXA8rRStIXOu/fJwcxwW9UhjdBOo4
0Ffdp20io7IG4Im8DzjRrdAA/J7HEvOzxcia9Asgl69DcugqjuCxYP+lJdeqWA2J
7zN2AWcVzPKqjw+s+r69iGzLSX6NBnegpWe2HN44CZEygrnB5teXu9Gz35iUv//A
aYxfvXGYTbF7aHqo1kTpBES5v30oRJP30wApsjbpimV5MhuKaumHTfgpVLRx+4sR
AtpoWxsBz/i0yHuTichZv5+8v5qrysJejdMIxnL19hWc3HlQkfbw+IuuMqkmZ0Xu
tHf9zRtlDKk=
=+59O
-----END PGP SIGNATURE-----

 
 
 

Problem verifying signatures using PGP 8.0.2?

Post by Ron B » Tue, 17 Jun 2003 01:32:15


-----BEGIN PGP SIGNED MESSAGE-----


> | I was able to find my own key from <http://pgp.mit.edu/>
> | Ironically, the original poster's key didn't show up
> | though.

> That is the problem! You can't verify if you don't have the
> public key

Jason, respectfully, if you check the context of this thread, you will see
that this post was an addendum to a previous post of mine.  The gist of that
post was what you've just said.  You just said it better and more cogently.

P.S. I've been working with PGP/Gnupg for years now and though not a "guru",
I do know a few things.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iQEVAwUBPuyfe0pQ41XL9/JxAQGWEAgAtFTZxP7ONvIShMu987DOSq4x4nyOn4u5
CbnMQscdso+ZbsOEfnw/+ma653zw9i69s1ocVSg6nNxq+m1lpy83rThu7UPDEom7
PuEMzVIs7swl/9KQfMGqmNa5scAgebD5BNxYuS4Lv9kifhZ4JKro68C8heDtwHbD
obldpEKP9zL0QBRez9fdOTyD0kSQyquDWQ0DgoU4IW2vEfsfa1s3JOnadqyuCrri
Ba6ZIwtKSR9etAjYHUQiKxO66OfK508Ad1/uHOSAnWJ2QLd3TdKwlJ+q9kuDevJh
k5o04KGuOOGDIWSMuyG6OGJBPbWWM/E6HJ61+dn2LQlz4qy0Z9bwYQ==
=Tim9
-----END PGP SIGNATURE-----

 
 
 

Problem verifying signatures using PGP 8.0.2?

Post by Jason Ti » Tue, 17 Jun 2003 02:23:31


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: My Key: 6ACE DC2C 4C5A 9911 96F3  DDEB C7EC A953 ADE5 0951

iQIVAwUBPuyrkcfsqVOt5QlRAQLwfBAAqe5fFUIw4018aRPLVJlZMyij4etZS5k9
3CRL3KRlUtuOMu2MLSyPQpFWWU7tXzWDFE5UPZiETch2iV95ToWpYWw9KB+9zAiA
HVbF1gAIS/xoKI8pFrYXJHe3mi2Y6zLP8Fmw/9x5dTogc+czkbFlcc8CtRbQaJrm
e8Mg0/WJcnfrvRfQYK/yXQny84uI3uFv1Wup83ni55kYqTRslLgljibr5UREmnMk
/JehDoE2tXWtk9cQod5AJktwWz0rUPKWsj1JsI9dw9J6RWA69j8zcDiCbzli3g7v
3rI13tHX+pqyYAABwmxwMsv/7Y7i0MYlKgY/Yl6wJe8MTycy6RFPBK+uNG6LB9UO
hKgRTt7k3b7OPYgG1CRa8BF1WpZRJQajwwvfbSxX/+gw7DsRzcbiA29LDl/E56PQ
J41i28m9M02gSZv5abvLgIrebKhAnz+huztnEu3mXQ/GaG/7uqxAAlfsiLNT+hB6
PQHAizmP/7Tk6FvQM8ff0j6ssIklklE4VzwkCn88lr7Kj/n9bJl3Q/EHF5Mu2n5Y
OVipvjuKQgCdrIwd03761N5OwzRNbsEYv/+voLM7Kh1hWSBZucaJdN+pzsVR+ULo
yqsRRodrmW34a5mfL0fTRYt77BAydNq3Zifkz+DAAbNYr79JjVzi4ygPKc2Oz7p3
srOmsOENpok=
=s10y
-----END PGP SIGNATURE-----

 
 
 

Problem verifying signatures using PGP 8.0.2?

Post by Ron B » Tue, 17 Jun 2003 02:50:49


-----BEGIN PGP SIGNED MESSAGE-----


> Sorry

Oops, no need to apologize.  Easy mistake to do with a thread.
You know, this PGP signing thing can be kind of silly.  23 lines for a one
word message.  I was actually asked not to PGP sign in comp.os.minix.  I
don't actually read or post there, but I did have one question.  I told
them that if I ever posted there again I'd leave off the sigs.

Take care,
Ron B.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iQEVAwUBPuyx3kpQ41XL9/JxAQEj7wgAqZGmcY+Kj4e2m9MqN2eyYQnrW4Hly66h
yj20hgCR7wqyobsZGkb3e0rBcYTXmG20OFpv1SU7yrhO914cjVf+pH8sOGl3f+Aw
w6W8t8V97Ta4ZXfg7ZFyQJhmQmx5aWxNIlAVRye2797M6NjFmoE5W9v2mXTiKqtn
8GanEzoG8tUmEs6OWixzeT/TDrhEPn+PJhJ0wyQCkPpu9cPq53GMW+OmizcrfPaW
m7EcVgIFaFXQmYg7oO7I5xys6L43Ha8daYQQCk2T8PLM46loouVm/ChY90BW6A2G
K21AUQAe9hxa4Y5Oo4R7brDJomxuhUIq3iT+fGtHEZvgL6gWGWhsQg==
=kng+
-----END PGP SIGNATURE-----

 
 
 

Problem verifying signatures using PGP 8.0.2?

Post by Jason Ti » Tue, 17 Jun 2003 03:12:16


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

| You know, this PGP signing thing can be kind of silly.  23 lines for a one
| word message.  I was actually asked not to PGP sign in comp.os.minix


Here we go again... \/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: My Key: 6ACE DC2C 4C5A 9911 96F3  DDEB C7EC A953 ADE5 0951

iQIVAwUBPuy2/cfsqVOt5QlRAQLX0g//YLQxty6/ATRQVRctLitDgkBYDs6xwshk
rmUUDIAoFjlYAiHIY30YOMcFM9icsgg2+Vna/NgVs8hTrKHGNRHlCqpkFHCLqUBB
F+XsdCh/DHnyvoFmqnmR/+vPmc6e1wqIacjw8VczokBKIsxttKUYmEAIeq12i9GB
CQXG1qMtOIleYd4uLhD9HKQSwXJR25h2kM+nLbWi5o8ZY17dj0TdC0A0lTPfPVo0
wuSXat+V95lNBX+kteEHWOXB3brsnFKk6YG77qgx1bXTA4+XNvWI0tJapf5JjOGv
FYsVJsNLhSv4dTenIj/Hu4JlmwTHzFlGOSkQXLvEqaVAL7iipLxr/4sZP1v5i49V
NzPTSvdDsNq8X38WPC+jbM6McZbWpOIsVyQN4zp/TUnsKSs4/aZ0Mi1rfkiZ4sTi
HdY7uRF4cDLrUWrVpmCf0UVL+6h6myZcvjzUWfKMXYFPZYHF4eBfviRM5syQB+3a
nE0nFReL7/TyagqguJ45v86r92CPCUg9YzNhCHhLdU8CiUcnSg5dzgNaJtSTCq5b
DpOapLkCQDh/dKKzkGGJqNrzJF1JPPGasy1Pf6Syw6ybO9NfnElQtK/2oWZY5Q/R
xyuEjpLx41W21N58ON5gYSVeQyosr0LqNj5Qpw5khbAhnJOkF4fLEUxOmUnKOkzh
qk0Q2fbrPpE=
=z2Zo
-----END PGP SIGNATURE-----

 
 
 

Problem verifying signatures using PGP 8.0.2?

Post by Frod » Tue, 17 Jun 2003 03:26:51


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>> You know, this PGP signing thing can be kind of silly.  23 lines for a
>> one word message.  I was actually asked not to PGP sign in comp.os.minix

> Here we go again... \/

I like my nice tiny PGP sig. Although I guess the fact it's smaller
indicates the key it came from is probably less secure....?

- --
Frode

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBPuy6aeXlGBWTt1afEQIDaQCgq8m2qWuodRZDvtkFLGOiYKeAqicAn3V6
CmGXY13STXGAkBiatyv+Sbo+
=oAhE
-----END PGP SIGNATURE-----

 
 
 

Problem verifying signatures using PGP 8.0.2?

Post by Jason Ti » Tue, 17 Jun 2003 05:25:59


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

From:    http://www.mccune.cc/PGPpage2.htm#Short

Why Such A Short Signature?
DH/DSS keys always use SHA1 for the signature hash, and the
signing portion of the key (the DSS of the DH/DSS key pair)
is never larger than 1024 bits.  So no matter how large
your encryption portion of the key (the DH of the DH/DSS
key pair), your DH/DSS signature will never have more than
3 encrypted lines in your digital signature.  Traditional
v3 RSA keys normally use the MD5 signature hash; the RSA
key is used for both encryption and signing, and the number
of encrypted lines in the digital signature is determined
by the size of the RSA key:
RSA 512 bits       3 lines
RSA 1024            5 lines
RSA 2047/2048   7 lines
RSA 3100          10 lines
RSA 4096          13 lines
RSA 8192          23 lines
RSA 16K           45 lines

Despite the size difference, it should be noted that a 1024
bit DSS signature is considered more secure than a 2048 bit
RSA signature (when MD5 is use for the signature hash) -
because of a known weakness of the MD5 signature hash, and
because of SHA1's 160 bit hash versus MD5's 128 bit hash.



| I like my nice tiny PGP sig. Although I guess the fact
| it's smaller indicates the key it came from is probably
| less secure....?

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: My Key: 6ACE DC2C 4C5A 9911 96F3  DDEB C7EC A953 ADE5 0951

iQIVAwUBPuzVl8fsqVOt5QlRAQIYkA//QRpMiuQ5tRlsztjQ1Nr85YHEIwCl+xYe
fUuBpLDD0etJKHKENFnlL5nSlbxhWUSNsUA4NQw3Y9t0RiCNH+vCQ5W4THV0mv2Y
sLzaATfdnRjA3hSlF0WiTiUtQEzLDzGvD3Glw7e7rzgWSrf5qegK5PuKdt1uLhIm
vCoqrUslgC9gEZtSrXWdSoADa+YrGxsQkvshpKU6VFuVnhi+BsiuzK2RNLI98aWc
qTELxD4TRts0M8xsDB2CBsei9opr06hvm07RFPQ0u7moa/PDzyIWG0J/+8MtBWJC
shqVCCHB6TMsWRmTRsHQkeGv8Vk3MQBsPRCOOEi78r/A9QhCrEunRcHrQhPjUU/g
Yz7+kysC9yu6NFJqfWE8ZGdJIb5MCicLh4yLhMy/HboEFpmXM3f0xUzm5rwdGg2V
f0sxdRD7EY+CnYcrnJjtJN+GfiZy+C0lEavPZqCUp3tiWx0F29343fR/7iDKqoqP
a0uWHfZmmlLI6TRZKelskdZ+5yVfKblGcAyqfdchllcMRn6gBjKF32sx/sO9rwEf
lMtDqIP5/KgAqy8W9WkHqikhPMlxsy5xgHOOb0PvK8G4aIubN8/+2efL0AJxXhIe
UR08yBMEq7Q5j5I27317Ha6T7kOhQDwsTVSW9UFT2XkS3kORjVXgDgGsnef7Lf3i
QW2E/TlFwgQ=
=QRyw
-----END PGP SIGNATURE-----

 
 
 

Problem verifying signatures using PGP 8.0.2?

Post by Frod » Tue, 17 Jun 2003 06:16:36


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>> I like my nice tiny PGP sig. Although I guess the fact it's smaller
>> indicates the key it came from is probably less secure....?
> I would be cautious with that guess.  This might help:

So all we gotto do then is to wait for people to upgrade to versions
supporting DH/DSS and make new keys then....? :)

- --
Frode

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBPuziMuXlGBWTt1afEQIjSQCgnjpu/VSq9uLOd5YGX47Us8MtJdUAoLjo
zBnlBMgNDNG5piBuVPl8u87B
=LFA1
-----END PGP SIGNATURE-----

 
 
 

Problem verifying signatures using PGP 8.0.2?

Post by Jason Ti » Tue, 17 Jun 2003 08:43:48


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Your key is DH/DSS as are most (it is also the default for key generation
and has been for a while)

For a time it was the only kind of key that could be created


| So all we gotto do then is to wait for people to upgrade to versions
| supporting DH/DSS and make new keys then....? :)

Here we go again again! \/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: My Key: 6ACE DC2C 4C5A 9911 96F3  DDEB C7EC A953 ADE5 0951

iQIVAwUBPu0EscfsqVOt5QlRAQJSFRAAo4FX3Gje0R93w5iQfKu++oo6MTDK/d6q
OBMcGH90qYEx/FSrWvoBEaM60BSXPCEtm8jJtob/+RqVRWAIR8EyDZYuKQSDmcCb
4WCx6NDODp0C7Qf5TMFXNBN4QA45MPt9hYGMuQ2IJotOb9OmESSC8yArxJfVwPkX
478oLKqIok7Huyj8/9LmcWfA6jwQ51joSj/PQm+20V6z6iaEtlmKZgW0vUElw3zm
xqkBtMcHd192pv9PuQYOPoDQHqNCON+iJ9i1TDSiWHdO6Xl21rV/3wPaOrAfVkK/
hYrU4fNWow4QWBUygw2sl+hlUD4WcvWxo9L6F54pt7ZEYEB/OBdKLIepkQQxjfSD
XoDMQRNq++snKzAlzS4qFZx8gMktcJ79a0YypoeQ6PPemkVxL4lEvZRrni+YODe5
u6Wby6IF8AequQz/CQwYprGcY/UbxEgBbGOTYgIldiEUgel54Y/VB4YsP0nkQfp/
RWcKirFrm65IlxtmxmXo/JPtqpVhNKHoCEpFnophaJb6YuvRHsbI3WXIm4bGMlBd
qYLJxC277cTKgdBszncpPe3BAIMHsb9YuRz+PjJuBetezu8IGGyO7/MtWNdioQ7W
tWQ3HA7/roGt2LoT/ff1L1pOnR3TwdpLipv0SfzrDtCPRsCefbG1nLdC5EKH3NtF
IhCLWIwMRQw=
=kwYW
-----END PGP SIGNATURE-----

 
 
 

Problem verifying signatures using PGP 8.0.2?

Post by Ron B » Tue, 17 Jun 2003 09:11:40


-----BEGIN PGP SIGNED MESSAGE-----



> Warning: The signature is bad.

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1

> Your key is DH/DSS as are most (it is also the default for key generation
> and has been for a while)

> For a time it was the only kind of key that could be created



> | So all we gotto do then is to wait for people to upgrade to versions
> | supporting DH/DSS and make new keys then....? :)

> Here we go again again! \/

Word wrap problem?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iQEVAwUBPu0LMUpQ41XL9/JxAQFnGAf+KowqHS6IH1za5rPEJyZpm3dostjru4q2
LaLYTdet/BgFVxtYhn+Llcxj2n8Pdu/X17qckdLkQX5vDNSFHhZN6TLrwljd6jJf
ml0yuh7HqTFwwUlrmU97PiY1n2Dd4uw+1yOdtKGHYkntx6m1lOUlmfstA0XWfOWc
cOdhtkizicnIBYjzM3EAMbzhlY3bM9HkhvdlIyLo7l6LPjnYA5L7avZLe3AGsUft
XF2rws5VTIbhEk3KvSmBijz83YQqDVJEA5snGr0cFW43fcHhOwsi1A9o8KnEnMLi
kVGdvrxu3Yu/+J8ZaHTOqAJFK4wxdFI+GS0/vkV9KHAjzvQaErOKFA==
=ldkV
-----END PGP SIGNATURE-----

 
 
 

Problem verifying signatures using PGP 8.0.2?

Post by Frod » Tue, 17 Jun 2003 15:16:27


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> Your key is DH/DSS as are most (it is also the default for key generation
> and has been for a while)

I know. I was talking about all those people with half a page of PGP sig.

- --
Frode

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBPu1gueXlGBWTt1afEQJFkQCePwqrt87oNXvvzynvrAgFtV7/V5QAn3On
K6p1vH6XgXwsq4xrw/zcI5so
=SHau
-----END PGP SIGNATURE-----

 
 
 

1. Help verifying PGP 2.62 signature with PGP 5.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I got a message from a friend that was signed.  I want to verify the
signature.  I have PGP 5.0.  When I try to verify it I get the following
error
message:

Could not find a public key to verify the signature on this message.

I downloaded his public key so I don't understand what the problem really
is.
Can anyone please help out?  Thanks!

Geoffrey Faivre-Malloy

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNCh9bA+FA35lRYFDEQKCeQCeM2gJSAmJSwCunKwIOYhQ/npiAY4AoN3/
nzopnVzbvCMQbfdT4PwtAQVA
=IZXT
-----END PGP SIGNATURE-----

2. How a process can unload itself; an answer

3. PGP 5.0 detached signature files fails check when I use PGP 2.6.2ia to verify ?

4. CNet Reply's

5. Begin PGP Signature::: End PGP Signature

6. Soft Talk by Peter Coffee in PC Week 1/9

7. New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be Forged

8. 600XL/800XL os diffs?

9. PGP signatures don't verify

10. Problems verifying signatures on e-mailed messages

11. PGP DOS vs PGP Win - Signature Sizes

12. PGP 5.0i DOS vs PGP 6.2i Win - Signature sizes

13. Bad signature/word wrap problem with PGP and GPG