Removing a bad signature in a key

David Scribner dscribner@yahoo.com
Fri Aug 2 02:23:02 2002


I had imported a few public keys to just experiment locally with
on my Linux box, and one of those keys (Philip Zimmermann's no
less, key ID 0xB2D7795E, imported directly from his web site)
shows one of the signatures as blank in GPA 0.4.3. (its the
first signature shown in the list for that key).

In Seahorse 0.5.0, the key itself is shown as blank, although it
can be expanded where again, the first signature is also blank,
but the other signatures are visable.

On a Windows platform, and in WinPT 0.5.5, if I view the
signatures on this key the "mystery signature" shows at the
bottom of the list as an RSA key, again with no keyid or uid.

Interestingly, I had imported this key from my gpg keyring into
PGP 6.5.8 (located on the Win system), and that particular
signature on the key was labeled as being "bad or invalid". I
made a note of the key ID for this signature so I could delete
it in gpg (0x8DE722D9 if I'm not mistaken, which shows as being
a valid signature on one of his other keys), but once I removed
that signature for some reason I've not been able to get it back
in there (for further testing). After deleting the key, I've
re-imported it from the original file, tried importing the key
from gpg's file, tried exporting the key from gpg, then
re-importing it into PGP, etc. to no avail... PGP no longer
wants to show this signature for some reason.

That's not my problem however, just a little background on what
I've done so far (and makes it apparent that although PGP is no
longer displaying that signature, as mentioned below, it's got
to still be in there somewhere if it's exporting it along with
the key).

Even though PGP no longer shows the signature on this key, if I
export it from there, then do a clean import into gpg using
WinPT, it shows that there is no userid, and has a date of
1970-03-06. A regular clean import into gpg processes the file
with no apparent problems, but it still shows as a blank
signature in GPA as well. When I list the signatures with gpg,
it lists the signature as "[unexpected signature class 0x1f]".

For the life of me I've not been able to get gpg 1.0.6 to allow
me to see, let alone remove this one signature when editing the
key (--edit-key). When it was visable at one point in PGP 6.5.8
I was able to do so there, but I'm wondering what I might be
missing to do this in gpg (I'm also curious as to why PGP
doesn't want to show it anymore, but since I've transitioned,
it's only a curiousity, not a problem).

Anyway, even though I'm just experimenting with this key, I'm
curious... Is there a way to identify, locate, and then delete,
one of these "invalid" signatures in gpg? I suspect that the
signature within the key must be corrupt, but once one of these
is imported, I'm at a loss as to rid the key of it. Any
thoughts?

Thanks for your help!

--Dave

=====
David D. Scribner           Email: dscribner_at_bigfoot.com
IT Consultant & Services      Web: www.bigfoot.com/~dscribner/
Ph: (817) 461-4018           eFax: (630) 214-7769
CompTIA Linux+, Network+, A+ Certified Professional Technician
GnuPG/PGP: 3172 7408 58CA D9C2 F697  950F 9DDC

__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com