Key Transition Letter 2009-05-21

Charly Avital shavital at mac.com
Thu May 21 13:28:30 CEST 2009


Allen Schultz wrote the following on 5/21/09 5:35 AM:
[...]

> 
> Please let me know if there is any trouble, and sorry for the
> inconvenience.

[...]

No inconvenience.

Results of signature verification and key usage:

-----BEGIN GPG OUTPUT-----
gpg: Signature made Thu May 21 05:34:13 2009 EDT using RSA key ID F55651E0
gpg: BAD signature from "Allen Schultz (aldaek) <allen.schultz at gmail.com>"
-----END GPG OUTPUT-----


$ gpg --edit-key F55651E0
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub  3072R/DAD4736B  created: 2009-05-20  expires: never       usage: SC
                     trust: unknown       validity: unknown
sub  2048R/F55651E0  created: 2009-05-20  expires: 2010-05-20  usage: S
sub  2048R/5687B83E  created: 2009-05-20  expires: 2010-05-20  usage: E
[ unknown] (1). Allen Schultz (aldaek) <allen.schultz at gmail.com>
[ unknown] (2)  [jpeg image of size 6128]


Command> check
uid  Allen Schultz (aldaek) <allen.schultz at gmail.com>
sig!3        DAD4736B 2009-05-20  [self-signature]
sig!         EE79C636 2009-05-20  Allen Schultz <allen.schultz at gmail.com>
uid  [jpeg image of size 6128]
sig!3        DAD4736B 2009-05-20  [self-signature]

To sum up (as far as I can sum up).

1. Your message (who shows in the PGP headers both SHA1 and SHA256)
shows that signature has been done using the signing subkey F55651E0 of
primary key DAD4736B.

2. Signature does not verify. Your photo file can be displayed.

3. Your primary key DAD4736B has been signed using EE79C636 (as you said
it would be):

$ gpg --edit-key EE79C636
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub  1024D/EE79C636  created: 2009-04-24  expires: never       usage: SC
                     trust: unknown       validity: unknown
sub  2048g/762B1E36  created: 2009-04-24  expires: never       usage: E
[ unknown] (1). Allen Schultz <allen.schultz at gmail.com>

Command> check
uid  Allen Schultz <allen.schultz at gmail.com>
sig!3        EE79C636 2009-04-24  [self-signature]

4. I cannot sign your key, not because I am double extra paranoid or
even simple basic paranoid (which I am), but because I don't know you, I
can't ascertain that you are who to claim to be, or that the above key
or keys belong to you.

There are some basic rules to the Web of Trust.

Best regards,
Charly




More information about the Gnupg-users mailing list