What causes this bad signature

david at gbenet.com david at gbenet.com
Sun Nov 15 03:03:06 CET 2015


On 14/11/15 20:28, Sebastian Wiesinger wrote:
> Hello,
> 
> for fun I tried a German government (or public-private partnership)
> service that signs your PGP key if your name on a uid matches the
> electronic data on your ID card (Neuer Personalausweis, nPA). I tried
> this and got my signed key back. I tried to import it into my keyring
> and imagine my surprise when it didn't show up. Reason being: I have
> "import-options import-clean" set and the signature is somehow bad.
> 
> Is there a way to see why the signature is bad? If I decide to let
> them know that their service fails I would like to be able to tell
> them what they did wrong.
> 
> My key is 0x58A2D94A93A0B9CE and their signature comes from
> 0x5E5CCCB4A4BF43D7:
> 
> pub   2048R/0x58A2D94A93A0B9CE 2009-08-11
> uid                 [ultimate] Sebastian Wiesinger <sebastian at karotte.org>
> sig!3   P    0x58A2D94A93A0B9CE 2015-03-27 never       Sebastian Wiesinger <sebastian at karotte.org>
> sig-3      1 0x5E5CCCB4A4BF43D7 2015-11-14 never       Governikus OpenPGP Signaturservice (Neuer Personalausweis) <kontakt at governikus.com>
> 
> I attached the signed key for your interest.
> 
> Regards Sebastian
> 
Sebastian,

Your key has been signed by 16 other people - all unknown. No ID apart from one 65D0FD58 -
CA Cert Signing Authority (Root CA) <gpg at cacert.org> though your key is fully detailed at
http://keys.gnupg.net/pks/lookup?search=+0x58A2D94A93A0B9CE&op=vindex - maybe you need to
download your public key from a key server - always a good idea when you have uploaded it
after your key has been signed.

You can only use this signature for signing (not encrypting) and for certification. Bad?
There appears to be nothing bad about this public key - why would you get 16 people to sign
a key if you were not going to communicate with them?

David

