Error message "gpg: Can't check signature: Broken public key"

Philip Jackson philip.jackson at nordnet.fr
Sun Dec 13 00:11:05 CET 2015 

On 11/12/15 22:42, MFPA wrote:
> 
>> > On my laptop, with Debian Jessie and gpg2.1.7, the
>> > signature verifies ok.  Again normal for 2.1.x
> Do both signatures verify correctly for you with 2.1.x, or does
> Enigmail still only pass on the result of one of them?
> 

I don't use the laptop regularly for mail but I did update its inbox
today just to check out what it does now.

gpg2.1.7 with enigmail 1.9a1 of 30 Nov 2015 verifies all your emails of
2015 as 'good signature'.  However, when I look to see more details, the
verification behind the enigmail 'Details' button quotes key ID
0x547B7194 which is the RSA 2048 public key identity.

But when I look into the enigmail log, there I see that signatures were
made by both EDDSA subkey 0x1712BC461AF778E4 and RSA subkey
0x6B7C74CEB31F25F0.

Getting back to the desktop --

On my desktop with 2.0.22 with enigmail 1.9a1 of 8 Oct 2015, enigmail
provides differing info depending on whether you're inline or pgp/mime.

The latter gives the more alarming info behind enigmail's Details button
"Untrusted bad signature ...."

But again, enigmail's logfile shows both subkeys were used.  Enigmail
doesn't use the available info which is there in the logfile wrt the RSA
key ...(I quote from the logfile)...

"using subkey 0x6B7C74CEB31F25F0 instead of primary key 0x251BCCEB547B7194
gpg: using PGP trust model
gpg: key 0x26BD500A23543A63: accepted as trusted key
gpg: Good signature from "MFPA" [unknown]
gpg:                 aka "2014-667rhzu3dc-lists-groups at riseup.net
<2014-667rhzu3dc-lists-groups at riseup.net>" [unknown]
gpg:                 aka "0x251BCCEB547B7194" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!"

Never mind the trust issue.  The logfile does show "good signature".


Philip


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20151213/8ed791da/attachment.sig>

More information about the Gnupg-users mailing list