(1) BAD signature and (2) auto SHA1
DIG
Dmitri I GOULIAEV <dmitri.gouliaev@telkel.net>
Thu Sep 11 00:59:06 2003
Hi, Kyle Hasselbacher !
On Mon, Aug 04, 2003 at 10:50:50AM -0500, Kyle Hasselbacher wrote:
> On Sat, Aug 02, 2003 at 04:21:03AM -0500, DIG wrote:
>
> >1. First group of messages returns "BAD signature". What is the best way
> >to find out whose fault it is (as in famous Russian question)? It is my
> >fault, or it is the fault of my correspondent?
>
> Someone else already answered this better than I. Basically it means the
> message was altered since it was signed. It may have been altered by
> software not sensitive to signatures, or it's a dreaded attacker trying to
> falsify a message.
That was exactly the case -- signed part of the message was altered. And the "attacker" was my e-mail provider.
> >2. Second group of messages contains messages like this:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
>
> In Mutt, the easiest way might be to pipe the message to gpg and witness
> the output. Type this:
>
> |gpg --verify
>
> It'll tell you if the signature is good. In newer versions of Mutt, you
> can do "escape P", and it will check the message for in-line PGP like the
> above and treat it accordingly.
>
> Neither of those is automatic, though.
Thanks for the tip, Kyle.
Now I use a semiautomatic solution. I just added the next two lines:
macro index \Cv "|gpg --verify\n" 'verify in-line PGP signature'
macro pager \Cv "|gpg --verify\n" 'verify in-line PGP signature'
... to my muttrc file. And to verify somebody's in-line signature, I just press [Ctrl-V].
[To ALL]
So, I already solved most of my problems with ``BAD signatures'' on this list.
But I still have difficulties with some of them. Is there some list or something, where I could ask if my signature is correct (to be sure that it will work for others)? Is it appropriate in this list to ask others if my signature is correct or not? And IF this list is an appropriate place for asking such a question, can I ask you what software you are using (in both cases)?
P.S. I know, I know. It was more than a month ago -- I try to catch up!
Best regards,
-- 
DIG (Dmitri I GOULIAEV)
1024D/63A6C649: 26A0 E4D5 AB3F C2D4 0112 66CD 4343 C0AF 63A6 C649
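Added example, not part of the original post: a sketch of which changes in transit leave the signed text of an in-line (clearsigned) message intact and which produce "BAD signature", following the canonicalisation rules of RFC 4880, section 7.1. The sample bodies, the footer text and the function names are constructed for illustration; the digest covers only the text portion of what gpg hashes, so it compares two copies of a message and does not verify a signature.

```python
import hashlib

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"

def signed_text(clearsigned: str) -> bytes:
    """Canonical bytes covered by a cleartext signature (RFC 4880, section 7.1)."""
    lines = clearsigned.replace("\r\n", "\n").split("\n")
    i = lines.index(BEGIN_MSG) + 1
    while lines[i] != "":                # skip armor headers such as "Hash: SHA1"
        i += 1
    body = []
    for line in lines[i + 1:lines.index(BEGIN_SIG)]:
        if line.startswith("- "):        # undo dash-escaping
            line = line[2:]
        body.append(line.rstrip(" \t"))  # trailing blanks are not signed
    # Lines are joined with CRLF; the line break before the signature is excluded.
    return "\r\n".join(body).encode("utf-8")

def text_digest(clearsigned: str) -> str:
    # SHA-1 because the messages in this thread carry "Hash: SHA1".
    return hashlib.sha1(signed_text(clearsigned)).hexdigest()

def wrap(body: str) -> str:
    """Build a constructed clearsigned wrapper; the signature is a placeholder."""
    return (f"{BEGIN_MSG}\nHash: SHA1\n\n{body}\n{BEGIN_SIG}\n"
            "(placeholder)\n-----END PGP SIGNATURE-----\n")

# Constructed samples: what the sender signed, then three copies after transit.
SENT      = "Meeting moved to Friday, same room as last time.\n- -- \nAlice"
HARMLESS  = "Meeting moved to Friday, same room as last time.  \r\n- -- \r\nAlice"
REWRAPPED = "Meeting moved to Friday, same room\nas last time.\n- -- \nAlice"
FOOTER    = SENT + "\nSent via Example Mail"   # text injected into the signed part

def compare(sent: str, received: str) -> str:
    same = text_digest(wrap(sent)) == text_digest(wrap(received))
    return "unchanged" if same else "altered"

if __name__ == "__main__":
    for name, copy in [("harmless", HARMLESS), ("rewrapped", REWRAPPED),
                       ("footer", FOOTER)]:
        print(name, compare(SENT, copy))
```

Comparing the sender's saved copy with the received copy this way shows whether the signed part changed on the way, independent of keys or trust settings.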