Error message "gpg: Can't check signature: Broken public key"

[MFPA]

Hi


On Tuesday 8 December 2015 at 11:24:36 PM, in
<mid:20151208232436.72780e07 at abydos.stargate.org.uk>, Brad Rogers
wrote:


> It's the same for me;  A re-import of your key still
> results in an error(1).  

Which GnuPG version are you using?




> I've checked some (locally)
> archived emails from you (received via this list) and
> they verify fine.  Obviously, something's changed, but
> IDK what.  Whatever the change, it occurred between 15
> Nov and 7 Dec.  I have a message from the earlier date
> that verifies and a message from the latter date that
> doesn't.  Consequently, I believe the issue is
> something other than your keyfile.


I have two "local-user" lines in my gpg.conf file, 0x1712BC461AF778E4!
and 0x6B7C74CEB31F25F0!. The aim is a signature from EDDSA subkey
0x1712BC461AF778E4, but also a signature from my RSA subkey
0x6B7C74CEB31F25F0 that can be verified by GnuPG 1.4 or 2.0 versions.

On 6th December I switched the order of these lines, so that the RSA
signature comes last. An Enigmail and GnuPG 2.0 user told me he was
not seeing the "good" signature from 0x6B7C74CEB31F25F0. It appears
that if there are multiple signatures present, Enigmail only passes on
the GnuPG output for the last one.



> If it helps, I use a self-compiled (from GIT) Claws
> Mail as my MUA.

Maybe if there are multiple signatures present, your MUA only 
passes on the GnuPG output for the first one? I just switched them back 
round to see what happens.


> (1) Different error message "The signature can't be
> checked - End of file."  






-- 
Best regards

MFPA                  <mailto:2014-667rhzu3dc-lists-groups at riseup.net>

To steal ideas from one person is plagiarism; 
to steal from many is research.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 841 bytes
Desc: not available
URL: </pipermail/attachments/20151210/37cf90ee/attachment.sig>