Upgrade from GnuPG 1.4.5 to 1.4.9 breaks signature verification in PGP

Ronald Cook n1zhi at mac.com
Wed Apr 15 03:10:19 CEST 2009


I've been scouring the gnupg-users mail archives but haven't yet seen
a solution to this.

One of our clients recently upgraded their production installation of
GnuPG 1.4.5 to version 1.4.9.  They send encrypted / signed files to
us almost daily for real-time financial processing.

Prior to their upgrade, files received from them passed signature
verification and decrypted successfully in our production installation
of PGP 6.x, circa 1999-2000.  Since the upgrade, signature
verification fails.

They've not changed their key and  manual decryption / verification
works correctly through a stand-alone GnuPG 1.4.9.

It took a while for us to get them to admit to the upgrade; now they
can't recall if they had any specific command line options in place
that might not have been replicated to the new version.

Might anyone have any ideas as to anything we can suggest to them, or
any comments as to what might have changed in their process?

Feel free to request more information.  If I can provide it without
violating my employer's NPI regulations, I'll be glad to do so.

Thank you.

Ron Cook
n1zhi at mac.com

More information about the Gnupg-users mailing list