GPG self signature missing error

Christoph Anton Mitterer christoph.anton.mitterer at physik.uni-muenchen.de
Mon Nov 23 13:33:07 CET 2009


On Mon, 2009-11-23 at 17:57 +0530, Rahul R wrote:
> then could you plz explain why it is not giving me any error on server
> B that has a gpg version 1.4?
I'm not sure, but it's likely that the older version simply did not
check for this.

Using a key with UIDs that are not signed by that key is dangerous, as
anybody could have attached such a UID to the respective key.
I could for example take your public key, which has about the following
layout:
public key packet
UID packet
signature on the UID packet

...strip off the UID and signature packet and add my own (evil) UID. But
I cannot forge the signature on the UID, well not easily at least ;)


Cheers,
Chris.
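
An added example, not part of the original message or of GnuPG: a structural check over a binary key export for the packet layout described above, listing every UID packet that is not followed by a certification signature packet (types 0x10 to 0x13). It does not verify the signature or its issuer; the `pkt` helper and the sample packets are constructed for illustration.

```python
USERID, SIGNATURE = 13, 2               # OpenPGP packet tags (RFC 4880)
CERT_TYPES = {0x10, 0x11, 0x12, 0x13}   # certification signature types

def packets(data):
    """Yield (tag, body) for each packet in a binary (unarmored) stream."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                  # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths not handled")
        else:                           # old-format header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        yield tag, data[i:i + length]
        i += length

def sig_type(body):
    """Signature type octet: offset 1 in v4 packets, offset 2 in v3."""
    return body[{4: 1, 3: 2}[body[0]]] if len(body) > 2 and body[0] in (3, 4) else None

def unsigned_uids(data):
    """Return the UIDs that no certification signature packet follows."""
    missing, pending = [], []
    for tag, body in packets(data):
        if tag == SIGNATURE and sig_type(body) in CERT_TYPES:
            pending = []                # the UID before it carries a certification
        elif tag != SIGNATURE:
            missing += pending          # previous UID never got a certification
            pending = [body.decode("utf-8", "replace")] if tag == USERID else []
    return missing + pending

def pkt(tag, body):                     # old-format header, one-octet length
    return bytes([0x80 | (tag << 2), len(body)]) + body

# Constructed sample: key, signed UID, then a UID attached without a signature
SAMPLE = (pkt(6, b"\x04" + bytes(8)) + pkt(13, b"Alice <alice@example.org>")
          + pkt(2, b"\x04\x13" + bytes(8)) + pkt(13, b"Mallory <mallory@example.org>"))
```

To run it on a real key, pass the bytes produced by `gpg --export` (without `--armor`) to `unsigned_uids`.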