"key algorithm" in GnuPG's signature verification output

gnupgpacker gnupgpacker at on.yourweb.de
Tue Dec 9 11:58:47 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello,

signing with two keys in one block can be done. But also, if unequal technology used (e.g. RSA+edDSA)?

Verifying of MFPA's signature with Gpg-1.4.18 gave me:

gpg: Unterschrift vom 06.12.2014 16:56:22 mittels RSA-Schlüssel ID B31F25F0
gpg: FALSCHE Unterschrift von "0x251BCCEB547B7194" [unbekannt]
gpg: Unterschrift vom 06.12.2014 16:56:33 mittels ?-Schlüssel ID 1AF778E4
gpg: Unterschrift kann nicht geprüft werden: Unbekanntes Public-Key-Verfahren
Time: 09.12.2014 11:45:53 (09.12.2014 10:45:53 UTC)

Gpg-1.4.8 isn't captable using edDAS.
In my opinion output would be ok if a new edDSA key has been used!?
If RSA signing key has been used, there might be some fault...

Regards, Chris

(Testkey 0x3e2e0598, DSA-2048-sig)


> It seems that you (MFPA) changed your signing practice after I noted that
> I can't verify signatures created with your key “1AF778E4”. I did not know
> that one could sign a message with two keys in one signing block.

> I am wondering if there is a way to collapse the verification result for a
> multi-key signature down to a single “good” or “bad” value/result, because
> Enigmail gave me some ambiguous message about your signatures.

-----BEGIN PGP SIGNATURE-----

iF4EAREKAAYFAlSG1e4ACgkQI4+xq0ppLElTaAEA6HrAxq2sV30uRKp++6c/5zLa
mQ62Ec4SeUsUM7H1V/UA/i3pU18f5vZUCY1CYClTHBFLcEyGjeDDY7Z063rrNlTQ
=K9bu
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list