Can't decrypt PGP 8 msg

DIG Dmitri I GOULIAEV <dmitri.gouliaev@telkel.net>
Thu Sep 11 00:59:10 2003


--ibq+fG+Ci5ONsaof
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi, Neil Williams !

 On Wed, Aug 06, 2003 at 06:21:55PM +0100, Neil Williams wrote:

> On Tuesday 05 Aug 2003 10:07 pm, Eugene Smiley wrote:
>=20
> Eugene, why have your recent posts showed up with DOUBLE signatures?
>=20
> Message was signed with unknown key.
> The validity of the signature cannot be verified.
> Status: No signature found
> Message was signed by T. Eugene Smiley (Key ID: 0xA7EDFD2F).
> The signature is valid, but the key is untrusted.
>=20
> ??
>=20
> Has anyone else been seeing this?

Yes, I saw it.=20

For me (and for my mutt-1.2.5.1i) his message is two parts message:

,---[ mutt: attachments ]---
| I   1 <no description>                 [text/plain, 7bit, us-ascii, 2.1K]=
=20
| A   2 S/MIME Cryptographic Signature   [applica/x-pkcs7-si, base64, 4.7K]=
=20
`---[ ]---

First part is an in-line part, and second one is an attachment.

When I just read his entire message (or just its first part), I can pass it=
 through the pipe (``gnupg --verify'') and I obtain this:

,---[ | gnupg --verify ]---
| gpg: Signature made Tue Aug  5 16:06:57 2003 CDT using DSA key ID A7EDFD2F
| gpg: Good signature from "T. Eugene Smiley <eugene@esmiley.net>"
| gpg:                 aka "GSWoT:1:215:A7EDFD2F"
| gpg:                 aka "T. Eugene Smiley (Webmaster) <esmiley@esmiley.n=
et>"
| gpg: WARNING: This key is not certified with a trusted signature!
| gpg:          There is no indication that the signature belongs to the ow=
ner.
| Primary key fingerprint: 5B8F E97F 9E56 077A 17A9  3B9A E903 ED02 A7ED FD=
2F
`---[ ]---

But I do not know what to do with his second part.

> The outside mime boundary contains:
> Content-Type: application/x-pkcs7-signature; name=3D"smime.p7s"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename=3D"smime.p7s"
> Content-Description: S/MIME Cryptographic Signature
>=20
> Yet it doesn't verify as S/MIME - it comes up as unknown mime type in KMa=
il.=20
> The block is also VERY long (4.7kb), more like an attached public key rat=
her=20
> than a signature? (yet it lacks the BEGIN/END PGP KEYBLOCK lines or=20
> comments). gpg complains of a lack of OpenPGP data when the block is save=
d as=20
> a file. The email itself verifies nicely, it's just the double signature =
that=20
> is confusing me.


Best regards,

--=20
DIG (Dmitri I GOULIAEV)
1024D/63A6C649: 26A0 E4D5 AB3F C2D4 0112  66CD 4343 C0AF 63A6 C649


--ibq+fG+Ci5ONsaof
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/X6yLQ0PAr2OmxkkRApeKAJ4kB6bci850VKuFO2U5I6whnJIKhwCeOe74
7p+dEnTQ+5EErp9ViZ11Res=
=gvvz
-----END PGP SIGNATURE-----

--ibq+fG+Ci5ONsaof--