OpenPGP error

[Ludwig Hügelschäfer]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

Sean Wilson wrote on 11.10.09 15:37:
> Why is it when I sign an email and someone replies to it I sometimes get
> the following error:
> 
> Part of the message signed; click on 'Details' button for more information
> 
> in the details it says:
> 
> OpenPGP Security Info
> 
> Error - signature verification failed
> 
> gpg command line and output:
> C:\Program Files\GNU\GnuPG\gpg.exe
> gpg: Signature made 10/11/09 14:13:48 using RSA key ID xxxxxx
> gpg: BAD signature from "Sean Wilson <sean at xxxxxx.com>"
> 
> Why does this happen?
> 
> If I send an email between two different email accounts and I sign it,
> then reply I NEVER get a broken signature so why does this happen when
> other people reply to my emails?

You're using in-line signatures, the recipient does not use gnupg and
cites your mail when replying, isn't it?

In this case, the following is happening: he/she is citing your mail
including the signature. Enigmail tries to verify it, but due to the
insertion of citation marks, e.g. "> " at the beginning of the lines,
your original message is modified, so the signature is broken.

It doesn't make much sense to sign messages to recipients who can't
verify it. If your recipient is using enigmail, it will strip your
signature upon replying.

HTH

Ludwig
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCgAGBQJK0eUpAAoJEA52XAUJWdLjC8gIALAF4b60P9EPwVTq1REeKZLU
ULBvDraFRktopbmNuQCFNgf7k7qApzUgumkxyu9Wzq0dQKnv76jBcbQfkM3sYUKJ
jxTBGj3rSy1ybfiWfPLVr89Ed0q9LdQvLVgkRLeGYjNqbdEcSfm7x45Xxkzkk5c6
Buyxy5iGtrljZUo9wV6q4pRN+fGbHsAT42OCOFKKlEN2y6EC0OxL29AQTO42uX7N
WjL1/wW0f/H8tUDw8+vlB94TUANNxsHTr30mVTx3KejNZOehnyPv6N9GS3+BrP55
GkMHTu4xZRFVWS2n/IYg2LI5c0xQuocfHimpLBnZ7KMBqwNycXRJzSQocaeJ4CQ=
=X52Z
-----END PGP SIGNATURE-----