unable to verify mail messages as signed files

Alessandro Vesely vesely at tana.it
Sat Apr 21 21:12:35 CEST 2007

I've installed a tool to verify signed mail, enigmail,
that signals lots of bad signatures, using gpg. When
I verified those messages "manually" they were all ok.

Disagreement happens after the tool combines text and
signature into a unique file. I reproduced it as follows:

  D:\tmp>gpg --verify mailverify-sep.txt.asc mailverify-sep.txt
  gpg: Signature made 04/21/07 00:18:41 using DSA key ID [omission]
  gpg: Good signature from "[omission]"
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: [omission]

and then

  D:\tmp>printf "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n" > h

  D:\tmp>cat h mailverify-sep.txt mailverify-sep.txt.asc > mailverify2.txt

  D:\tmp>gpg --verify mailverify2.txt
  gpg: Signature made 04/21/07 00:18:41 using DSA key ID [omission]
  gpg: BAD signature from "[omission]"

How come?

I've tried adding/removing blank lines, and setting
various options, to no avail. I have the feeling that
the error depends on gpg trying to emulate some ill
pgp behavior. The message has spaces at the end of
some lines. Is that treated differently in case there
is an armor filter?

That was on XP using gpg (GnuPG) 1.4.7.

TIA for any help

More information about the Gnupg-users mailing list