Signature verification problem
Michael Anckaert
xantor@xantor.tk
Wed Jul 31 16:55:02 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On woensdag 31 juli 2002 16:15, you wrote :
> Hi guys,
>
> I'm just in the process of evaluating some OpenPGP solutions for the
> company I work for, and I stumbled onto this problem:
> I used CryptoEx' Outlook plugin to cleartext-sign a mail, which I tried to
> verify with gpg.
> gpg gives me a BAD signature (both 1.0.6 and 1.0.7). However CryptoEx'
> plugin verifies the signature as being good (OK, otherwise it would be
> pretty embarrassing) and NAI's PGP (7.0.3) also says that the signature is
> ok.
>
> I've attached the relevant message and the public part of the key used to
> sign the message. Unfortunately I don't have enough knowledge about the
> OpenPGP standard or the implementations to give this problem a better look.
> Would be great if somebody could shed some light on this issue.
When I import your public key and try to verify your signature, gpg also says
that the signature was bad. I think that cryptoEx isn't fully compliant with
OpenPGP.
Why? haven't got a clue :(
Michael Anckaert
http://www.xantor.tk
xantor@xantor.tk
xantor@linux.be
If you use envelopes, why not use encryption??
OpenPGP Key: 0xF92DD60A
OpenPGP Key fingerprint: DDF5 7DDE F906 83CB 6BA7 995C 8F82 0E4B F92D D60A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj1H+o8ACgkQj4IOS/kt1gqLrACgkVF64stL9IyhckRaOx9AEZZr
NWcAnivuNcGEYnyoqkSgHlF9m8KWD8/e
=NeFX
-----END PGP SIGNATURE-----