bad signatures

Lee Roberts n0sq@arrl.net
Sat Mar 30 18:13:01 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 29 March 2002 12:25 pm, Ingo Kl=F6cker wrote:
> On Tuesday 26 March 2002 05:01, Lee Roberts wrote:
> > Why does everyone say my GPG signature is bad while their PGP
> > signature shows good? I did a decrypt/verify of one of my GPG
> > messages with PGP and it gives a bad signature also. So far, I don't
> > see anything wrong with my GPG configuration.
>
> I found the problem. In full compliance with the OpenPGP specs GPG uses
> v4 signatures by default. GPG has an option to force it to use v3
> signatures. man gpg says:
>        --force-v3-sigs
>                  OpenPGP states  that  an  implementation  should
>                  generate v4 signatures but PGP 5.x recognizes v4
>                  signatures only on key  material.   This  option
>                  forces v3 signatures for signatures on data.
>
> Obviously PGP 6.5.8 also can't handle v4 signatures.
>
> Solution:
> Add 'force-v3-sigs' to your ~/.gnupg/options file.
>
> Regards,
> Ingo

Looks like that was the problem. The signature looks good on my PGP 6.5.8=
 now=20
but I haven't heard back from my friends yet to be sure that their versio=
n of=20
PGP shows the signature as good.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Encryption isn't just for secrets......

iD8DBQE8pfGHUdYCmRtxtWQRAq0/AJ9futRCf5SCAfCd3Sg1uA/jCbRHaACfZHED
pPzNw+aOhOK4rf/koet4hZ8=3D
=3Dkhzx
-----END PGP SIGNATURE-----