Re: [ALUG] Slightly OT for the list: - GPG bad signature

On Tue, 19 Jan 2016 16:58:06 +0000 Srdjan Todorovic todorovic.s@googlemail.com allegedly wrote:

I get something similar after importing your key from the keyserver:

gpg -v --verify signature.asc text.txt gpg: armour header: Version: GnuPG v2.0.22 (GNU/Linux) gpg: Signature made Tue 19 Jan 2016 16:37:11 GMT using RSA key ID 5BADD312 gpg: using classic trust model gpg: BAD signature from "Mick Morgan (Mick's new 4096 bit key) mick@rlogin.net" gpg: textmode signature, digest algorithm SHA256

But of course, I'm taking a risk of sounding like a moron; how much of your email do I need to trim (from gmail show original saved to a file) or copy / paste from the webmail in order to get something that can be fed to gpg?

Srdjan

Unfortunately that is one of the problems I face in using a PGP/MIME compliant MUA when lots of people don't. I don't use Gmail (in fact I run my own mailserver - I hate the idea of someone else handling my mail) so I'm no expert on Gmail's idiosyncracies, but I'm pretty sure it doesn't handle PGP/MIME well, if at all. The only way I could get a Gmail user to properly handle my signed/encrypted mail would be for me to create the message in a text editor, then sign/encrypt that message and paste it into my email. So long as I didn't use PGP/MIME, then the email would contain something like this:

-----BEGIN PGP MESSAGE----- Version: GnuPG v1

owEBagKV/ZANAwAIAQof5gtbrdMSAaw6YghtYWlsLnR4dFafmGVUaGlzIGlzIGEg dGVzdCBtZXNzYWdlLiBJdCBpcyBzaWduZWQgYnkgbWUuCokCHAQAAQgABgUCVp+Y ZQAKCRAKH+YLW63TEvDhD/0WdN+TX/7G6yn1s9jW9ajXfDpoOJXXKhMeM4xvNol7 vUpmDAhJKSQ5bu83WYoZA6xSAy/K+lqnSIoUgomxUDOSLF+1cMQYbXNLWAGGX6ZH IAOt4n4QEzqvjvJp4dGSIIb5k42sa9rYjlC7A91PY+4s0xA1O3qROJlWI6q1cZqB Bdvb8Gx3oTgGhfRcBn4tgjXry8hmrPc0IqlZUlRYD1XJ7BVlIAmvFMH7tfyhSnkC usDmkbHyCj5l3Do62aYMAh3OpCIcDXhNxCBglA3+QwYadAQDDSgjBG/a0ZDiUltr j20+x6Yckp4wZBOGofzYJ2Wh3jfc8CPVIGPv5Ip7/7Uv2J+QggCxMjsEtyC8KhLT aslYDzc8isYOlJ3kWoDp/iOP2xPW5PyMbxxLjFVmna8sFfpjxhyQouSjqUmNObwU +w6opL07V8bghtipbFAcL0D1B+sPucyCYgOir23cyJ4B49aJT92rFv4c3cTuhgWa PHyDNCaGNU4BC6ZLn1+facs6IdnSZQEPgpms8E55eIQ+u7C64rTJ13Au+GxFs//J blEVQjrSj8SMvzF4W5xLPhT0y2OjfBVI+xYyxe2RVq0NWHv3seFDfvq0noxt9l9Y 6En1QGrQdz5oPKTbgVWELLmYgMP1m125KJlRVWuGkiMQxbSia4pnGTOrdKtGpxJr iA== =usRP -----END PGP MESSAGE-----

You could then cut/paste everything with the BEGIN/END headers and verify my mail.

However, if you, as a Gmail user simply try to cut/paste my PGP/MIME signed email into a text file and then try to validate it against the signature, you will get the problem you see.

But I'm damned if I'm going to modify my mail usage simply to accommodate Google. :-)

Mick

(Question to the list: Is there any point in my continuing to sign mail to the list if it is going to cause difficulty?)

---------------------------------------------------------------------

Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net

---------------------------------------------------------------------