On Tue, Jan 19, 2016 at 04:37:11PM +0000, mick wrote:
Steve tells me that he had a problem with my last email to the list (Re: Rural Broadband). He got a bad signature from GPG.
In a follow up exchange off list Steve said:
"Here's what gpg says:
$ gpg -v --verify signature.asc msg gpg: armor header: Version: GnuPG v2.0.22 (GNU/Linux) gpg: Signature made Tue 19 Jan 2016 14:04:01 GMT using RSA key ID 5BADD312 gpg: using PGP trust model gpg: BAD signature from "Mick Morgan (Mick's new 4096 bit key) mick@rlogin.net" [unknown] gpg: textmode signature, digest algorithm SHA256, key algorithm rsa4096 --"
Ive been using this key since the middle of 2012. I have also been using claws (with PGP/MIME enabled) as my MUA for ages. There seem to be a couple of reasons why GPG should complain. The most obvious is that the email has been changed after signature. Paranoia aside, this can easily happen if the MUA (at either end?) changes the mail by wrapping at a particular line length. Another possible reason is that my signature key length (4096 bits) is too long for the recipient's system to handle correctly.
But as I say, I have been using the current key for nearly four years now, so my question is, has anyone else seen this problem with my signature? And does anyone know what may be going on here?
It validates fine for me here (mutt/gpg on Debian 8.2 [jessie]).
J.