Signature verification problem

Michael Anckaert
Wed Jul 31 16:55:02 2002

Hash: SHA1

On woensdag 31 juli 2002 16:15, you wrote :
> Hi guys,
> I'm just in the process of evaluating some OpenPGP solutions for the
> company I work for, and I stumbled onto this problem:
> I used CryptoEx' Outlook plugin to cleartext-sign a mail, which I tried to
> verify with gpg.
> gpg gives me a BAD signature (both 1.0.6 and 1.0.7). However CryptoEx'
> plugin verifies the signature as being good (OK, otherwise it would be
> pretty embarrassing) and NAI's PGP (7.0.3) also says that the signature is
> ok.
> I've attached the relevant message and the public part of the key used to
> sign the message. Unfortunately I don't have enough knowledge about the
> OpenPGP standard or the implementations to give this problem a better look.
> Would be great if somebody could shed some light on this issue.

When I import your public key and try to verify your signature, gpg also says 
that the signature was bad. I think that cryptoEx isn't fully compliant with 
Why? haven't got a clue :(

Michael Anckaert
If you use envelopes, why not use encryption??
OpenPGP Key: 0xF92DD60A
OpenPGP Key fingerprint: DDF5 7DDE F906 83CB 6BA7  995C 8F82 0E4B F92D D60A
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see