Revoked keys and validating S/MIME sigs on the command line
Neil Williams
linux@codehelp.co.uk
Tue Jul 22 21:52:02 2003
GnuPG doesn't indicate if a signature has been made using a key that has been later revoked in the --verify option.

Shouldn't this be displayed? As a revoked key, it may have been compromised and the signature could therefore be false.
All I get is:
The signature is valid, but the key's validity is unknown.
(It was a fully trusted key as, in this case, I'd actually verified and signed it, so the change in status did alert me but it didn't reveal the reason for the change and most sigs on this list use keys with unknown validity.)

Also, I can never seem to get S/MIME emails to verify at the command line, only in KMail. Whenever I save the email, the signature becomes bad. I know the signature is valid (because this is an old email sent before the key was revoked and it validated at the time) but can't seem to reproduce that on the command line. Do I save the entire email or just the plain text and then validate against the entire file or the detached signature as a discrete file?

[neil@mdk91 Documents]$ gpg --verify signature signed\ data
gpg: Signature made Tue 20 May 2003 22:33:34 BST using DSA key ID 28BCB3E3
gpg: BAD signature from "Neil Williams (CodeHelp) "
[neil@mdk91 Documents]$ gpg --verify \[LUG\]\ XML\ Editors
gpg: no signed data
gpg: can't hash datafile: file open error
[neil@mdk91 Documents]$ gpg --verify signature.asc \[LUG\]\ XML\ Editors
gpg: Signature made Tue 20 May 2003 22:33:34 BST using DSA key ID 28BCB3E3
gpg: BAD signature from "Neil Williams (CodeHelp) "

(signature and signed\ data are the names suggested by KMail when using Save As - do the filenames make a difference?)

Whichever way I do it, it seems to give me a bad sig. - even on my own signed emails. The inline ones always verify OK.

-- 
Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk
http://slashdot.org/~codehelp
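
An added example, not part of the original post: for a multipart/signed message whose signature part is application/pgp-signature (PGP/MIME, RFC 3156), the detached signature covers the first MIME part exactly as transmitted, part headers included, with CRLF line endings and without the line break that precedes the boundary line. The function name `split_pgp_mime`, the output file names and the constructed sample message are assumptions of this example.

```python
import email
import re

def split_pgp_mime(raw: bytes) -> tuple[bytes, bytes]:
    """Return (signed_data, armored_signature) from a raw PGP/MIME message."""
    msg = email.message_from_bytes(raw)
    boundary = msg.get_boundary()
    if msg.get_content_type() != "multipart/signed" or boundary is None:
        raise ValueError("not a multipart/signed message")
    # Work on LF-only text so the input may use either line-ending style.
    text = raw.replace(b"\r\n", b"\n")
    # The line break before "--boundary" belongs to the delimiter (RFC 2046),
    # so the pattern consumes it and it never ends up in the signed data.
    delim = re.compile(b"(?:^|\n)--" + re.escape(boundary.encode("ascii"))
                       + b"(?:--)?[ \t]*(?:\n|$)")
    chunks = delim.split(text)
    if len(chunks) < 3:
        raise ValueError("expected a signed part and a signature part")
    # Signed data: first part verbatim, part headers included, as CRLF.
    signed = chunks[1].replace(b"\n", b"\r\n")
    # Signature: body of the second part, without that part's MIME headers.
    _headers, _, signature = chunks[2].partition(b"\n\n")
    return signed, signature

# Constructed sample message; the signature body is a placeholder, not a real one.
SAMPLE = (
    b'Content-Type: multipart/signed; boundary="B1"; '
    b'protocol="application/pgp-signature"\n'
    b"\n"
    b"--B1\n"
    b'Content-Type: text/plain; charset="iso-8859-1"\n'
    b"\n"
    b"Hello\nWorld\n"
    b"--B1\n"
    b"Content-Type: application/pgp-signature\n"
    b"\n"
    b"-----BEGIN PGP SIGNATURE-----\n\nPLACEHOLDER\n-----END PGP SIGNATURE-----\n"
    b"--B1--\n"
)

if __name__ == "__main__":
    signed, signature = split_pgp_mime(SAMPLE)
    # Binary mode keeps the CRLF line endings intact on every platform.
    with open("signed_part", "wb") as f:
        f.write(signed)
    with open("signature.asc", "wb") as f:
        f.write(signature)
    print("next: gpg --verify signature.asc signed_part")
```

The input must be the raw message as received, before any client has decoded the quoted-printable body or rewrapped lines, since any byte change in the first part invalidates the signature.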