Can't verify key

George Sinclair gsinclair@nodc.noaa.gov
Wed Feb 14 22:18:28 2001 

Hello,

Perhaps I should e-mail the author on this one, but since this
involves signatures, and the signature is a PGP signature, I thought
I'd at least start here.

I'm running GnuPG version 1.0.4 on Solaris. I want to verify the
signature file (quintuple-agent-1.0.0.tar.gz.sig) for the new
quintuple agent (replaces secret-agent) gzip tarball file
(quintuple-agent-1.0.0.tar.gz) available from:
 
     http://www.vibe.at/tools/secret-agent

but I receive the following message: 

  gpg --verify quintuple-agent-1.0.0.tar.gz.sig
  gpg: Warning: using insecure memory!
  gpg: Signature made Mon Feb 12 15:44:19 2001 EST using DSA key ID BC185AB3
  gpg: Can't check signature: public key not found

I found the author's (Robert Bihlmeyer) public key (see below) from:

   http://stud4.tuwien.ac.at/~e9426626/sig.html

I have no way to verify its validity, but I gotta start
somewhere. Anyway, I copied and pasted it to a file named 'robbe.key'
and then imported as:  

   gpg --import robbe.key

Key imports fine, but the above error is generated. Additionally, just
laughs, I also imported this into my PGP keyring (ver. 5.0), and it
generates the following error when verifying: 

   pgpv quintuple-agent-1.0.0.tar.gz.sig 
   This signature applies to another message
   File to check signature against [quintuple-agent-1.0.0.tar.gz]: 
   Signature by unknown keyid: 0xBC185AB3

1. I realize this is a PGP signature, but can GnuPG 1.0.4 handle this, 
   and if not, what can I do?

2. If the public key I found is wrong, does anyone have the correct one?

3. If GnuPG can't work with this, and my version of PGP (5.0) won't,
   does anyone have a checksum for the gzipped tarball that 
   they could provide to me as an additional corroborating piece of
   evidence to ensure I have the right *untainted* file. Yes, I can
   e-mail the author, but I'd like to have tertiary confirmation.

Thanks mucho!!!

George Sinclair } gsinclair@nodc.noaa.gov

PUBLIC KEY FOR Robert Bihlmeyer as copied and pasted from:
http://stud4.tuwien.ac.at/~e9426626/sig.html

Key for user ID: Robert Bihlmeyer <robbe@orcus.priv.at>
1001-bit key, Key ID F5B09AB5, created 1995/11/16
Also known as: Robert Bihlmeyer <robbe@orcus.ping.at>
Also known as: Robert Bihlmeyer <e9426626@student.tuwien.ac.at>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2i

mQCLAjCrpfoAAAED6QHCamPMbTRmI3rt/UEwob5zcrTQdxNxD6bp5SAviwuuyg64
zhvwZJcTPS9taMTZvHWP3P4QZEMD68HOO0d1rkeTXLY7qeaYvf2is+QVx+zubeI2
uwQPgnZQjJpUkydC8dEoseGX2PnFjUNj6BjFbNiJ6M6OuGhPfuak9bCatQAFE7Qm
Um9iZXJ0IEJpaGxtZXllciA8cm9iYmVAb3JjdXMucHJpdi5hdD60JlJvYmVydCBC
aWhsbWV5ZXIgPHJvYmJlQG9yY3VzLnBpbmcuYXQ+iQCSAgUQMMFbZU9+5qT1sJq1
AQE6WAPorXofHvpDk4wY3bd/yaqqQZpyKl4as3iAJJUT8YaYd8pwgBkHlf4vzT0W
mA7bLx4YWWcJ8bu4m3vDscNiSewPmtu6M0o1lgWOrb5GFl4gujrleILmGZ6ooiVt
TbU7aKhn35GZgui+9cYRQGgVYKj86LyMEtXMkwBOVNxOoHS0MFJvYmVydCBCaWhs
bWV5ZXIgPGU5NDI2NjI2QHN0dWRlbnQudHV3aWVuLmFjLmF0Pg==
=4Kw7
-----END PGP PUBLIC KEY BLOCK-----