Why are signatures marked as bad?

Dave Barton db at tasit.net
Sat Dec 23 11:50:51 CET 2006

On Thu, 2006-12-21 at 22:44 -0800, Robert Smits wrote:
> I'm using the KGpg that comes with Suse 10.1. I use the KDE desktop and hence 
> Kmail to send my email. 
> When I sign a message with my personal key, when it leaves my outbox the 
> message is marked by a green banner saying "Message was signed by 
> bob at rsmits.ca (Key ID: 0xA3DF27D8336EF8A7).
> The signature is valid and the key is ultimately trusted."
> If I send it to myself, the messages comes back with a red banner saying 
> "Message was signed by bob at rsmits.ca (Key ID: 0xA3DF27D8336EF8A7).
> Warning: The signature is bad."
> The signature itself is not outdated, so why is this happening?
> Thanks, Bob.

Sorry I don't have an answer to your question, but FWIW your signature
is appears to be valid in Evolution (see below). I am also running SuSE
10.1 and use Kgpg. As much as I would like to, I can't use Kmail for a
completely unrelated reason.


This message is signed with a valid signature,but the sender of the
message cannot be verified.

gpg: armor header: Version: GnuPG v1.4.2 (GNU/Linux)
gpg: Signature made Fri 22 Dec 2006 17:45:15 EST using DSA key ID 336EF8A7
gpg: requesting key 336EF8A7 from hkp server wwwkeys.pgp.net
gpg: armor header: Version: SKS 1.0.10
gpg: pub  1024D/336EF8A7 2006-07-13  Bob Smits (New 10.1 key) <bob at rsmits.ca>
gpg: using classic trust model
gpg: key 336EF8A7: public key "Bob Smits (New 10.1 key) <bob at rsmits.ca>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: Good signature from "Bob Smits (New 10.1 key) <bob at rsmits.ca>"
gpg:                 aka "[jpeg image of size 7778]"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: A2DE 65EB F87B BC71 ECB3  BA6F A3DF 27D8 336E F8A7
gpg: binary signature, digest algorithm SHA1

More information about the Gnupg-users mailing list