Can anyone tell me why it is happening (fwd)

David Shaw dshaw at jabberwocky.com
Mon Oct 13 18:17:08 CEST 2003


On Mon, Oct 13, 2003 at 03:49:50PM -0400, Eugene Smiley wrote:

> Jeanine Gross wrote:
> > My company receives a file weekly from a bank. Every Monday, since
> > March, I decrypt the file using the pgp command. I just decrypted
> > one this morning (successfully). However, after I enter the
> > passphrase and the file is decrypted, I get the message that the
> > signature was made 9/20/03 using DSA key *****, and that it "can't
> > check signature: public key not found". I have not used any
> > commands at all except to decrypt the new file each week. This
> > leads me to believe that the DSA key is a new one that is not on
> > the public key ring that was setup by the former employee (my
> > CIO/IT - my manager's manager) in Feb 2003. I'm also guessing that
> > I will have to obtain this key, probably from my vendor?, and add
> > it to my ring .... does this make sense, am I correct in thinking
> > this?
> 
> It does make sense. It is possible that the vendor has changed keys.
> If you have "keyserver-options auto-key-retrieve" in your gpg.conf and
> the vendor has uploaded the key to the keyservers, gpg should retrieve
> the key. If you find that this option is in your gpg.conf, then the
> vendor hasn't uploaded the key and you'll need to get it from them
> directly.

Another possibility is that the vendor was only encrypting (and not
signing) the files earlier.  Now that the vendor is signing, you'd
naturally get the "can't check signature" message.

David



More information about the Gnupg-users mailing list