MIME or inline signature ?
Damien Goutte-Gattat
dgouttegattat at incenp.org
Sun Feb 15 17:11:36 CET 2015
On 02/15/2015 04:12 PM, Stephan Beck wrote:
> Obviously, it indicates a key ID 0xBA4909B78F04DE1B and links to a key that is
> not the key the message was signed with (which is DE2FFC869AFA5165, according to
> Enigmail/gpg), even if the fingerprint is given as well.
Well, the 0xDE2FFC869AFA5165 key is a signing subkey of Xavier’s master
key 0xBA4909B78F04DE1B. Indicating the master key (which is the one
everyone needs to know about and sign) instead of the signing subkey is
the correct thing to do. By downloading the master key from a keyserver,
you will automatically fetch the signing subkey as well.
You seem to have misinterpreted Enigmail’s error message. When it says:
Error - signature verification failed
Public key DE2FFC869AFA5165 needed to verify signature
BAD signature from Xavier Maillard <xavier at maillard.im>
the second line does not imply that the indicated key is not available.
Enigmail displays such a line everytime a signature verification fails,
even when the indicated key *is* present in your keyring (which is
somewhat misleading).
The important line is the third, which tells that Enigmail was in fact
able to perform the verification (meaning it has the right key).
Now, I don’t know why the verification failed, but I do note, quite
ironically, that this is an inline signature, while a previous message
from Xavier, with a PGP/MIME signature from the same key, was verified
correctly…
Damien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150215/8194cc54/attachment.sig>
More information about the Gnupg-users
mailing list