BAD Signature

Anthony E. Greene
Wed Jul 31 22:21:02 2002

Hash: SHA1

On 31-Jul-2002/13:34 -0400, Daniel Carrera <> wrote:
>Does anyone know what a "BAD Signature" is.
>I haven't found that anywhere in the documentation.  How  can a signature
>be bad and gpg still know who it belongs to?

This is exactly what would happen if the data were changed after it was
signed. The hashed data is all there and readily interpreted by GPG. It
can get the keyid, and probably the date/time of signing. It's just that
the signed data does not match the hash.

This is also what would happen if the verifying app used a different hash
algorithm than the originating app.

I seem to remember that OpenPGP says that clearsigned messages must either
specify the hash algorithm, or use the MD5 hash. This allows
interoperatbility with PGP 2.6x, which used MD5 and did not specify a hash
algorithm in the clearsigned header. The header of the test message does
not specify a hash, so it should be using MD5.

But when I tried to verify the message, GPG output:

gpg: Signature made Wed 31 Jul 2002 09:49:03 AM EDT using DSA key ID
gpg: BAD signature from "Konrad Podloucky <>"

Note the "DSA key". That probably means it used the SHA1 hash, but failed
to say so in the header.

So I edited the message to add the hash header and low and behold:

gpg: Signature made Wed 31 Jul 2002 09:49:03 AM EDT using DSA key ID
gpg: Good signature from "Konrad Podloucky <>"

The app that generated this message is not OpenPGP compliant. Apparently
NAI PGP allows for this kind of broken input, but GPG does not.

- -- 
Anthony E. Greene <>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26  C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05      HomePage: <>
Linux: the choice of a GNU Generation. <>

Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D <>