Wrong signature on idea.c, broken link

Jason Harris jharris@widomaker.com
Fri May 17 20:10:02 2002 

--FL5UXtIhxfXey3p5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, May 15, 2002 at 04:04:46PM -0400, Andy Ozment wrote:

> I'm new to gpg, so I apologize if these "bugs" are really my ignorance
> rather than a bug.

You've been using (commercial) PGP all this time?  :(

> 1. In an attempt to get the idea module, I went to the page
> <http://www.gnupg.org/why-not-idea.html>
>=20
> I downloaded the files idea.c and idea.c.sig. I then tried to check the
> sig:
> $ gpg --verify idea.c.sig idea.c
> gpg: Warning: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpg: Signature made Fri Aug 17 03:34:05 2001 EDT using DSA key ID
> 621CC013
> gpg: Can't check signature: public key not found
>=20
> $ gpg --list-keys
> pub  1024D/57548DCD 1998-07-07 Werner Koch (gnupg sig) <dd9jn@gnu.org>
>=20
> It appears to me, then, that idea.c was not signed with the key that
> signed the entire distribution (57548DCD, Werner Koch). Is this
> intentional? I could not find the key that did sign the file anywhere on
> the site.

Use the keyservers, Luke!

(However, it doesn't look like Werner has cross-signed all his keys...)

pub  1024D/621CC013 1998-07-07 Werner Koch <werner.koch@guug.de>
     Key fingerprint =3D ECAF 7590 EB34 43B5 C7CF  3ACB 6C7E E1B8 621C C013
sig?       FF3EAA0B 1998-07-07  [User id not found]
sig        0C9857A5 1998-07-08  Werner Koch <werner.koch@guug.de>
sig        9265FAFB 2001-11-03  Derek Gaston <dgaston@umr.edu>
sig        513AEFD9 2000-09-25  Hans-Joerg Hoexer <hshoexer@rommel.stw.uni-=
erlangen.de>
sig        82957B66 2000-07-11  Hideki Saito <hideki@allcity.net>
sig        C5E88112 2000-02-22  Ruediger Hahn <ruedi007@topmail.de>
sig        5B0358A2 1999-03-15  Werner Koch <wk@gnupg.org>
sig        B1CC03AA 1999-06-21  Javier Kohen <jkohen@tough.com>
sig        621CC013 1999-11-12  Werner Koch <werner.koch@guug.de>
uid                            Werner Koch <wk@gnupg.org>
sig        5B0358A2 2000-10-01  Werner Koch <wk@gnupg.org>
sig        621CC013 2000-11-21  Werner Koch <werner.koch@guug.de>
uid                            Werner Koch <wk@openit.de>
sig        513AEFD9 2000-09-25  Hans-Joerg Hoexer <hshoexer@rommel.stw.uni-=
erlangen.de>
sig        82957B66 2000-07-11  Hideki Saito <hideki@allcity.net>
sig        621CC013 2000-11-21  Werner Koch <werner.koch@guug.de>
sig        90F89A7D 2001-01-25  Ralf Hildebrandt <ralf.hildebrandt@innomina=
te.com>

--=20
Jason Harris          | NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web:  http://jharris.cjb.net/

--FL5UXtIhxfXey3p5
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iD8DBQE85UekSypIl9OdoOMRAlGUAJ9owXz90w6Gyif3eh05r4UKYyW9aACfV631
KtD2tVaXe1WTcNKy1ha40xs=
=0YDU
-----END PGP SIGNATURE-----

--FL5UXtIhxfXey3p5--