What causes this bad signature

Peter Lebbing peter at digitalbrains.com
Wed Nov 18 15:15:40 CET 2015


On 18/11/15 13:53, david at gbenet.com wrote:
> I downloaded  the key and all sub-keys. Neither GPA Kgpg or Kleopatra give any warnings
> about this key. You don't say what's bad about it - which is why your not getting much help
> here.

Actually, I understand what he means, I just don't know how to
investigate further. I tried with --debug-*, but I got no more info, and
was at a loss how to continue right there and then, so I didn't post a
reply.

>From his original post:
> My key is 0x58A2D94A93A0B9CE and their signature comes from
> 0x5E5CCCB4A4BF43D7:
> 
> pub   2048R/0x58A2D94A93A0B9CE 2009-08-11
> uid                 [ultimate] Sebastian Wiesinger <sebastian at karotte.org>
> sig!3   P    0x58A2D94A93A0B9CE 2015-03-27 never       Sebastian Wiesinger <sebastian at karotte.org>
> sig-3      1 0x5E5CCCB4A4BF43D7 2015-11-14 never       Governikus OpenPGP Signaturservice (Neuer Personalausweis) <kontakt at governikus.com>

Note the sig-3 line; the dash indicates a bad signature, as the man page
indicates for --check-sig. Additionally, GnuPG outputs the line:

> gpg: 1 bad signature

which he didn't include in his quote because he trimmed the console
output; it would have included about 55 other signatures, so I get why
he did that ;).

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list