Can anyone tell me why it is happening (fwd)

Eugene Smiley eugene at esmiley.net
Mon Oct 13 16:49:50 CEST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jeanine Gross wrote:
> My company receives a file weekly from a bank. Every Monday, since
> March, I decrypt the file using the pgp command. I just decrypted
> one this morning (successfully). However, after I enter the
> passphrase and the file is decrypted, I get the message that the
> signature was made 9/20/03 using DSA key *****, and that it "can't
> check signature: public key not found". I have not used any
> commands at all except to decrypt the new file each week. This
> leads me to believe that the DSA key is a new one that is not on
> the public key ring that was set up by the former employee (my
> CIO/IT - my manager's manager) in Feb 2003. I'm also guessing that
> I will have to obtain this key, probably from my vendor?, and add
> it to my ring .... does this make sense, am I correct in thinking
> this?

It does make sense. It is possible that the vendor has changed keys.
If you have "keyserver-options auto-key-retrieve" in your gpg.conf and
the vendor has uploaded the key to the keyservers, gpg should retrieve
the key. If you find that this option is in your gpg.conf, then the
vendor hasn't uploaded the key and you'll need to get it from them
directly.

> I have not had a chance to digest the pdf manual, nor have I
> ever seen any other documentation. I am a newbie at this. Should I
> pursue approaching the vendor - do I start there? I'm afraid this
> key will stop working altogether at some point in time.

The key is already ineffective. The vendor has signed the file using
their secret key which you try to verify the authenticity of using
their public key. If the signature doesn't validate, anyone could be
sending the files. These untrusted files should not be processed
further without resolving this issue.

I recommend http://www.gnupg.org/gph/en/manual.html for a primer.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-nr2 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/iwHd6QPtAqft/S8RAqr0AJ9CPlY/jNkG+YwDekQKXJoKW0PHZgCeLiVI
QQXQ8x4Sug7Hx4hMxwuDNPc=
=mpq3
-----END PGP SIGNATURE-----
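
The check discussed in this message, as an added example that is not part of the original post: a wrapper that reads GnuPG's `--status-fd` output and keeps the decrypted file only when the signature verifies against a fingerprint obtained from the vendor out of band. The function names and the sample status lines are constructed for illustration; the fingerprint is passed as 40 hex characters, uppercase, without spaces.

```shell
#!/bin/sh
# Added example: gate processing of a decrypted file on its signature status.

# sig_verdict FPR: read "[GNUPG:] ..." status lines on stdin and print one of
# good-signature | wrong-signer | missing-key | bad-signature | no-signature.
# Returns 0 only for good-signature.
sig_verdict() {
    want=$1 good=0 bad=0 nokey=0 fpr=""
    while read -r tag kind arg rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case "$kind" in
            GOODSIG)   good=1 ;;      # signature checked out cryptographically
            VALIDSIG)  fpr=$arg ;;    # first field: fingerprint of signing key
            NO_PUBKEY) nokey=1 ;;     # "can't check signature: public key not found"
            BADSIG|EXPKEYSIG|REVKEYSIG) bad=1 ;;
        esac
    done
    if [ "$bad" -eq 1 ]; then echo bad-signature; return 1; fi
    if [ "$nokey" -eq 1 ]; then echo missing-key; return 1; fi
    if [ "$good" -eq 1 ] && [ -n "$fpr" ]; then
        if [ "$fpr" = "$want" ]; then echo good-signature; return 0; fi
        echo wrong-signer; return 1
    fi
    echo no-signature; return 1
}

# decrypt_checked IN OUT FPR: decrypt IN to OUT; delete OUT unless the
# signature verifies and was made by the pinned key FPR.
decrypt_checked() {
    if verdict=$(gpg --status-fd 1 --output "$2" --decrypt "$1" | sig_verdict "$3"); then
        echo "signature ok: $2 may be processed"
    else
        rm -f -- "$2"
        echo "refusing $1: $verdict" >&2
        return 1
    fi
}

# Constructed status lines for the situation in the post: decryption
# succeeds, but the signer's public key is not on the keyring.
sample_missing_key() {
    printf '%s\n' \
        '[GNUPG:] DECRYPTION_OKAY' \
        '[GNUPG:] ERRSIG 2222222222222222 17 2 00 1064016000 9' \
        '[GNUPG:] NO_PUBKEY 2222222222222222'
}
```

Decryption succeeding says nothing about who sent the file; only the signature result does, which is why `DECRYPTION_OKAY` is ignored here.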