GPG>PGP signature validation

Jan Drugowitsch
Fri May 18 23:36:01 2001


 > We use PGP to encrypt and sign data files which are then transmitted 
over the
 > internet to our various trading partners. The PGP version we use is 
 > Server(tm) Version 7.0.1 and it is running on an AIX(unix) platform. 
Recently we
 > set up a trading relationship with a company who uses GNUPG version 1.0.4
 > running on an NT box. When we decrypt a file from the GPG site, 
transmitted via
 > either ASCII or binary ftp, the decryption is performed successfully and PGP
 > exits with a returncode of "0" - but the following message appears in the
 > logfile we keep:
 > event 12: Signature
 >   WARNING: Bad signature, doesn't match file contents!

regarding to
5.5) Why is PGP 5.x not able to verify my messages?
PGP 5.x does not accept V4 signatures for data material but OpenPGP
requires generation of V4 signatures for all kind of data. Use the
option "--force-v3-sigs" to generate V3 signatures for data.

i've had the same problem today (incompatibility of pgp 7.0.2 and gnupg 
1.0.5) and solved it this way. so it seems that the fault is not on your 
side (as you are using v3 signatures). just tell the other company to use 
the '--force-v3-sigs' or put 'force-v3-sigs' in their option-file.

 > We have a number of trading partners also using PGP and have not had 
 > validation problems. Our new trading partner has successfully validated 
 > signature with GPG. We would like to eliminate the cause for this 
message since
 > we expect to have many trading relationships with GPG shops, and a good
 > signature validation is verification that our datafile has not been tampered
 > with.
 > Questions:
 >   1. Can a signature from GPG be validated by PGP?

yes, if it's a v3-signatures

 >   2. Is this a configuration issue?

yes, on the gpg-side, as this side is 'more advanced' ;-)

 >   3. Is there signature compatibility between the 2 products - I have 
not seen
        anything concrete in the news groups to indicate that there is a 


 >   4. If this is an incompatibility, is there a work-around? Certainly, 
there is
        communication between users of these 2 rival products!

already mentioned above

 >   5. What needs to be done in order for this to operate properly.

already mentioned above

hope this helps

jan drugowitsch