Problems verifying signature with autoimported keys

David Shaw dshaw at
Wed Feb 5 14:47:02 CET 2003

On Wed, Feb 05, 2003 at 01:51:04PM +0100, Holger Sesterhenn wrote:
> Hi,
> >>[GNUPG:] SIG_ID skATzmEpRldO4qfomtEO27ZoSTg 2003-02-04 1044382098
> >>[GNUPG:] GOODSIG 2222222222222000 userB <userB at internet>
> >>gpg: Good signature from "userB <userB at internet>"
> >>gpg:                 aka "alias userB <userB at somewhere>"
> >>[GNUPG:] VALIDSIG 2222222222222222222000000 2003-02-04 1044382098 0
> >>gpg: WARNING: message was not integrity protected
> >
> >
> >This is a good signature.  Is the message that is concerning you the
> >"message was not integrity protected" warning?  That is not part of
> >the signature.
> Ups?! I have other messages which are signed (cleartext, opaque, 
> enc+signed) and all of them show a "[GNUPG:] GOODMDC" instead of this 
> message. What might be the difference?
> The signature itself is correct, I know but there must be something wrong 
> with the trust, right? Doesn't mean "integrity protected" that the 
> signature should be correct?

No, the integrity protection (MDC) is unrelated to the trust or the
signature.  It is a fairly new feature in OpenPGP that protects
against certain kinds of message tampering.  Rather like a signature,
but it works for unsigned messages as well.  The warning just means
that the message didn't have a MDC.  You can disable the warnings with
"no-mdc-warning" if you don't want to see them.


   David Shaw  |  dshaw at  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

More information about the Gnupg-devel mailing list