gpg --verify hangs on malformed signature
ccrlphr at xensei.com
Wed Jul 22 13:39:15 CEST 1998
On Wed, Jul 22, 1998 at 09:07:09AM +0200, Werner Koch wrote:
> at the end of parse is only done if the parsingfunction returns with
> -1; which it does not. We should change the line after the leave
> label in parse() to:
> if( !rc && iobuf_error(inp) )
> rc = ...
this helps, thanks.
> I think I should add some test cases for invalid data.
> > gpg: WARNING: This key is not certified with a trusted signature!
> > gpg: There is no indication that the signature belongs to the owner.
> > when I vaildate the valid signature of a mail. I imported the foreign key, signed it and now I would think
> > if I signed the key it should be trusted - or whom should I trust if not me?
> Can you check this again with option "--debug 256"? Anyway I'm
> currently rewriting all this stuff.
the debug info:
gpg: note: no default option file '/homes/steffen/.gnupg/options'
gpg: Warning: using insecure memory!
gpg: DBG: key 2FED2B5C: checking secret key
gpg: DBG: key 2FED2B5C.1: stored into ultikey_table
gpg: DBG: key 69ABA264: checking secret key
gpg: DBG: key 69ABA264.3: stored into ultikey_table
gpg: Signature made Fri May 22 10:55:44 1998 using DSA key ID F03ECD75
gpg: Good signature from "Another Person <person at somewhere>"
gpg: check_trust() called.
gpg: DBG: check_trust() returns trustlevel 0002.
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/16384
and if it helps the output from gpg --list-sigs:
pub 1024D/2FED2B5C 1998-07-21 Steffen Ullrich (Console) <ccrlphr at xensei.com>
sig 2FED2B5C 1998-07-21 [selfsig]
sub 1024G/69ABA264 1998-07-21
sig 2FED2B5C 1998-07-21 [keybind]
pub 1024D/F03ECD75 1997-09-26 Another Person <person at somewhere>
sig F03ECD75 1997-09-26 [selfsig]
sub 2048G/F4D33253 1997-09-26
sig F03ECD75 1997-09-26 [keybind]
sig 2FED2B5C 1998-07-21 Steffen Ullrich (Console) <ccrlphr at xensei.com>
> > BTW, did you know that the german division of Network Associates (which know owns PGP) charges 3049,-
> > DM for a 10 user License? They still give you only the NT and Mac version, but starting with 10
> > users you are allowed to use the code which is available commercially under UNIX.
> Really? www.pgpi.com?
Yes and No. Looks like pgpi.com only cares for the non-commercial stuff. But they link to
pgpinternational.com which has information where to get commercial version. For Germany I found:
Network Associates GmbH, Deutschland, Tel.: +49-(0) 89-89 435 60
where I received the information
More information about the Gnupg-devel