1.0.3 fails to verify RSA signature, 1.0.2 is OK
Keith Owens
kaos@ocs.com.au
Mon, 02 Oct 2000 21:29:20 +1100
On Mon, 2 Oct 2000 11:53:01 +0200,
Werner Koch <wk@gnupg.org> wrote:
>1.0.3 does not use rsaref or any other rsa module - it is silently
>ignored. I have no way to test 1.0.2 with the rsaref module - my
>test with the rsa modules says that the signature is bad. pgp 2.6.3a
>(From Debian) says the same.
>
>Interesting new class wu-ftp bug ;)

gpg 1.0.2 with rsaref module accepts the signature. PGP version
unix50i1b accepts the signature. pgp-2.6.3i does not. gnupg 1.0.3
does not. A worrying set of results, especially since an earlier
version of gpg worked.

# pgpv wu-ftpd-2.6.1.tar.gz.asc
This signature applies to another message
File to check signature against [wu-ftpd-2.6.1.tar.gz]:
Good signature made 2000-07-02 05:18 GMT by key:
1024 bits, Key ID 62885875, Created 1999-05-22
"WU-FTPD Development Group <wuftpd-members@wu-ftpd.org>"
WARNING: The signing key is not trusted to belong to:
WU-FTPD Development Group <wuftpd-members@wu-ftpd.org>

# pgp-2.6.3i wu-ftpd-2.6.1.tar.gz.asc
Pretty Good Privacy(tm) 2.6.3i - Public-key encryption for the masses.
(c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 1996-01-18
International version - not for use in the USA. Does not use RSAREF.
Current time: 2000/10/02 10:26 GMT
File has signature. Public key is required to check signature.
File 'wu-ftpd-2..$00' has signature, but with no text.
Please enter filename of material that signature applies to: wu-ftpd-2.6.1.tar.gz
.
WARNING: Bad signature, doesn't match file contents!
Bad signature from user "WU-FTPD Development Group <wuftpd-members@wu-ftpd.org>".
Signature made 2000/07/02 05:19 GMT using 1024-bit key, key ID 62885875
WARNING: Because this public key is not certified with a trusted
signature, it is not known with high confidence that this public key
actually belongs to: "WU-FTPD Development Group <wuftpd-members@wu-ftpd.org>".
Signature and text are separate. No output file produced.