MIME or inline signature ?

Damien Goutte-Gattat dgouttegattat at incenp.org
Sun Feb 15 17:11:36 CET 2015


On 02/15/2015 04:12 PM, Stephan Beck wrote:
> Obviously, it indicates a key ID 0xBA4909B78F04DE1B and links to a key that is
> not the key the message was signed with (which is DE2FFC869AFA5165, according to
> Enigmail/gpg), even if the fingerprint is given as well.

Well, the 0xDE2FFC869AFA5165 key is a signing subkey of Xavier’s master 
key 0xBA4909B78F04DE1B. Indicating the master key (which is the one 
everyone needs to know about and sign) instead of the signing subkey is 
the correct thing to do. By downloading the master key from a keyserver, 
you will automatically fetch the signing subkey as well.

You seem to have misinterpreted Enigmail’s error message. When it says:

   Error - signature verification failed
   Public key DE2FFC869AFA5165 needed to verify signature

   BAD signature from Xavier Maillard <xavier at maillard.im>

the second line does not imply that the indicated key is not available. 
Enigmail displays such a line everytime a signature verification fails, 
even when the indicated key *is* present in your keyring (which is 
somewhat misleading).

The important line is the third, which tells that Enigmail was in fact 
able to perform the verification (meaning it has the right key).

Now, I don’t know why the verification failed, but I do note, quite 
ironically, that this is an inline signature, while a previous message 
from Xavier, with a PGP/MIME signature from the same key, was verified 
correctly…

Damien

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150215/8194cc54/attachment.sig>


More information about the Gnupg-users mailing list