Bug: Unusable key

[gabriel rosenkoetter]

On Wed, Feb 04, 2004 at 09:51:25AM -0700, Thomas Spuhler wrote:
> But in this case, the whole signature part was at the end of the e-mail
> message, where I normally have the signature icon.

I don't believe that was the case. I don't have the original message
locally any more, but I'm pretty sure it had:
  /^-----BEGIN PGP SIGNED MESSAGE-----$/
before any message text. The message text is followed by:
  /^-----BEGIN PGP SIGNATURE-----$/
which is actually the beginning of the signature.

Clear-signed messages never have the signature before the text
(mostly because that would mean you just had to store the signature
till you'd raead the message and computed a checksum of it against
which to compare the signature's version).

> The second questions Thomas, you list in plain text GPG KeyID: 114AA85C
> which can be found on a public key server, but then your actual
> signature on your e-mail has ID BBA8F8F5 and that one cannot be found on
> a public keyserver.

If you actually can't find BBA8F8F5, you're using one of the (many)
broken keyservers. Use subkeys.pgp.net.

> After downloading your signature with ID 114AA85C,
> GnuPG is able to read your signature that contains ID BBA8F8F5
> Why is that?

Because BBA8F8F5 is a subkey:

pub  1024D/114AA85C 2003-04-14 Thomas Sjogren <thomas at northernsecurity.net>
uid                            Thomas Sjogren <thomas at se.linux.org>
sub  2048R/BBA8F8F5 2003-09-12 [expires: 2004-09-11]
sub  2048R/D14F1B25 2003-09-12 [expires: 2004-09-11]
sub  2048g/474D6F70 2003-04-14

> If you would not have listed it in plain text, I would never have found
> it.

keyserver-options auto-key-retrieve include-subkeys would have,
though.

-- 
gabriel rosenkoetter
gr at eclipsed.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : /pipermail/attachments/20040204/5d14682e/attachment.bin