BAD signature - potential timezone problem

Greg Sosna g.sosna at auckland.ac.nz
Wed Apr 12 04:50:36 CEST 2017


I've received two files from the same sender who uses OpenPGPBlackbox, they assure me that they are both encrypted the same way with the same parameters, just at different times. The sender is located in Sydney, NSW, Australia and I am located in Auckland, New Zealand.  The files are generated at 10pm and 4am Sydney time.  Both of the files decrypt correctly using GnuPG 2.1.18 but the one generated at 10pm receives bad signature, while the one at 4am receives good signature irrelevant of what time I try to decrypt them. The times of the signing that GPG reports are correct (in American date format).

My question is whether there is anything else I can do to troubleshoot this issue to get to the bottom of the problem ?

.\GnuPG\bin\gpg.exe --verbose -o output_4am.txt --decrypt decryptedfile_4am.gpg

gpg: public key is ...
gpg: public key is ...
gpg: using subkey ... instead of primary key ...
gpg: encrypted with 4096-bit RSA key, ID ..., created 2016-10-20
      "GPG key TEST"
gpg: encrypted with 4096-bit RSA key, ID ..., created 2016-10-20
      "GPG key TEST"
gpg: CAST5 encrypted data
gpg: Note: sender requested "for-your-eyes-only"
gpg: Signature made 04/12/17 06:06:36 New Zealand Standard Time
gpg:                using RSA key ...
gpg: using pgp trust model
gpg: Good signature from "..." [full]
gpg: textmode signature, digest algorithm SHA1, key algorithm rsa2048


.\GnuPG\bin\gpg.exe --verbose -o output_10pm.txt --decrypt decryptedfile_10pm.gpg

gpg: public key is ...
gpg: public key is ...
gpg: using subkey ... instead of primary key ...
gpg: encrypted with 4096-bit RSA key, ID ..., created 2016-10-20
      "GPG key TEST"
gpg: encrypted with 4096-bit RSA key, ID ..., created 2016-10-20
      "GPG key TEST"
gpg: CAST5 encrypted data
gpg: Note: sender requested "for-your-eyes-only"
gpg: Signature made 04/12/17 00:02:13 New Zealand Standard Time
gpg:                using RSA key ...
gpg: using pgp trust model
gpg: BAD signature from "..." [full]
gpg: textmode signature, digest algorithm SHA1, key algorithm rsa2048

regards,

Greg Sosna
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170412/5bee99e2/attachment.html>


More information about the Gnupg-users mailing list