GPG>PGP signature validation
Michael.E.Grimes@fritolay.com
Michael.E.Grimes@fritolay.com
Fri May 18 22:48:01 2001
Hello GNUPG users,
We use PGP to encrypt and sign data files which are then transmitted over the
internet to our various trading partners. The PGP version we use is e-Business
Server(tm) Version 7.0.1 and it is running on an AIX(unix) platform. Recently we
set up a trading relationship with a company who uses GNUPG version 1.0.4
running on an NT box. When we decrypt a file from the GPG site, transmitted via
either ASCII or binary ftp, the decryption is performed successfully and PGP
exits with a returncode of "0" - but the following message appears in the
logfile we keep:
event 12: Signature
WARNING: Bad signature, doesn't match file contents!
We have a number of trading partners also using PGP and have not had signature
validation problems. Our new trading partner has successfully validated their
signature with GPG. We would like to eliminate the cause for this message since
we expect to have many trading relationships with GPG shops, and a good
signature validation is verification that our datafile has not been tampered
with.
Questions:
1. Can a signature from GPG be validated by PGP?
2. Is this a configuration issue?
3. Is there signature compatibility between the 2 products - I have not seen
anything concrete in the news groups to indicate that there is a problem.
4. If this is an incompatibility, is there a work-around? Certainly, there is
communication between users of these 2 rival products!
5. What needs to be done in order for this to operate properly.
Appreciate any help.
Thanks,
Mike