BAD signature and (2) auto SHA1

Tamer Higazi tamer.higazi@web.de
Sat Aug 2 14:12:02 2003 

Hi!

1. Bad singniture means that you didn't sign the key of your korrespondent 
partner.
You have to do it with

gpg --edit-key UserID

The UserID is available with:

gpg --list-keys

then you receive an output on the screen with all public keys (and your own 
keypair). Beside th keynumber
like this.... pub  4096R/E65ACC8A
UserID would be: E65ACC8A

so the command would be: gpg --edit-key E65ACC8A

then you run the 3 commands:
sign (wants your password of your secretkey to sign this key)
trust (to trust the key)
save (to save all changes and to get out of the key-edit-menu and return 
back to the shell)

After you have signed and trust the key the next time you recieve from the 
other person a signed message, will be registered under GPG as "Good 
Signiture" because you have signed  his/her key before.

2. People sometimes sign messages which has no value. As i described at 
Point1 you have to sign and trust the other key which you added before in 
your keyring (the are stored all in pubring.gpg <<PGP 8 pubring pkr>>).

Tamer

--On Samstag, August 02, 2003 04:21:03 -0500 DIG <dig.list@nm.ru> wrote:

> Hi, GnuPG people!
>
> I can easily verify the signature for almost all messages that I receive
> (I use mutt 1.2.5.1i + gnupg 1.2.1). But there are few messages that I
> can not verify automatically. So, I would like to ask you two questions.
>
> 1. First group of messages returns "BAD signature". What is the best way
> to find out whose fault it is (as in famous Russian question)? It is my
> fault, or it is the fault of my correspondent?
>
> 2. Second group of messages contains messages like this:
>
>     -----BEGIN PGP SIGNED MESSAGE-----
>     Hash: SHA1
>
>     Beginning of the message...
>
>     End of message.
>
>     -----BEGIN PGP SIGNATURE-----
>     Version: GnuPG v1.2.1 (GNU/Linux)
>     Comment: some comment
>
>     iD8DBQE/IB9XVbJM14DSCi0RAlD6AKDlGy5pR0CkGW+7urdQ8RdLfVDNPACfQ7jf
>     6YC96a+V6MbxlwJpThv1m3w=
>     =HEsh
>     -----END PGP SIGNATURE-----
>
> So, my question is: how can I verify the messages like this one
> automatically? Are there some rules or something that I can put into my
> ~/.procmailrc or my ~/.muttrc?
>
>
> Thank you in advance,
>
> --
> DIG (Dmitri I GOULIAEV)        http://www.bioinformatics.org/~dig/
> 1024D/63A6C649: 26A0 E4D5 AB3F C2D4 0112  66CD 4343 C0AF 63A6 C649
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users