1.0.3 fails to verify RSA signature, 1.0.2 is OK

Keith Owens kaos@ocs.com.au
Mon, 02 Oct 2000 21:29:20 +1100

On Mon, 2 Oct 2000 11:53:01 +0200, 
Werner Koch <wk@gnupg.org> wrote:

>1.0.3 does not use rsaref or any other rsa module - it is silently
>ignored. I have no way to test 1.0.2 with the rsaref module - my
>test with the rsa moules says that the signature is bad. pgp 2.6.3a
>(From Debian) says the same.
>Interesting new class wu-ftp bug ;)
gpg 1.0.2 with rsaref module accepts the signature. PGP version unix50i1b accepts the signature. pgp-2.6.3i does not. gnupg 1.0.3 does not. A worrying set of results, especially since an earlier version of gpg worked. # pgpv wu-ftpd-2.6.1.tar.gz.asc This signature applies to another message File to check signature against [wu-ftpd-2.6.1.tar.gz]: Good signature made 2000-07-02 05:18 GMT by key: 1024 bits, Key ID 62885875, Created 1999-05-22 "WU-FTPD Development Group <wuftpd-members@wu-ftpd.org>" WARNING: The signing key is not trusted to belong to: WU-FTPD Development Group <wuftpd-members@wu-ftpd.org> # pgp-2.6.3i wu-ftpd-2.6.1.tar.gz.asc Pretty Good Privacy(tm) 2.6.3i - Public-key encryption for the masses. (c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 1996-01-18 International version - not for use in the USA. Does not use RSAREF. Current time: 2000/10/02 10:26 GMT File has signature. Public key is required to check signature. File 'wu-ftpd-2..$00' has signature, but with no text. Please enter filename of material that signature applies to: wu-ftpd-2.6.1.tar.gz . WARNING: Bad signature, doesn't match file contents! Bad signature from user "WU-FTPD Development Group <wuftpd-members@wu-ftpd.org>". Signature made 2000/07/02 05:19 GMT using 1024-bit key, key ID 62885875 WARNING: Because this public key is not certified with a trusted signature, it is not known with high confidence that this public key actually belongs to: "WU-FTPD Development Group <wuftpd-members@wu-ftpd.org>". Signature and text are separate. No output file produced. -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org