modern GnuPG verify signatures

Stefan Claas stefan.claas at posteo.de
Thu Jun 15 22:47:00 CEST 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, 15 Jun 2017 23:29:41 +0300
Teemu Likonen <tlikonen at iki.fi> wrote:

> Stefan Claas [2017-06-15 18:59:41+02] wrote:
> 
> > I clearsign a text file and verify it and modern GnuPG shows me this:
> >
> > gpg --verify my_message.txt
> > gpg: Signature made Do 15 Jun 18:31:05 2017 CEST
> > gpg:                using RSA key 2BAF85F9281ABD543823C7C5981EB7C382EC52B4
> > gpg: Good signature from "Stefan Claas <stefan.claas at posteo.de>" [ultimate]
> >
> > A friend just recently posted a message in a Usenet Group and i get this:
> >
> > gpg --verify m123.eml
> > gpg: Signature made Xx 00 Jun 00:00:00 2017 CEST
> > gpg:                using RSA key 0000000000000000
> > gpg: Good signature from "xxxxxx xxxxxxxxx <xxxxxxx at example.com>" [full]
> > gpg: xxxxxx at example.com: Verified 4 signatures in the past 7 days. 
> > Encrypted 0 messages.
> 
> Perhaps it can be seen as bug that there is the full fingerprint in some
> places and long key id in other places.
> 
> I'm guessing that there are different code paths internally: In the
> first example the trust level is calculated from web of trust (own key,
> ultimate trust). In the second example there's also tofu trust model
> involved because it shows statistics for verifying and encryption.
> 
> But those who know the code can answer.

Thanks for your reply!

Well, then let's wait and see what other people say, who know the code.
Maybe members can confirm the same behaviour under Windows and Linux.

Regards
Stefan

- -- 
https://keybase.io/stefan_claas
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEK6+F+SgavVQ4I8fFmB63w4LsUrQFAllC8kQACgkQmB63w4Ls
UrQNiAgAm18QjF4SzHpOvJZSCREFEtII57EKnrruV5jYqJRNAthqbDAdPJfP+x/z
eQ6MoomSm+0IZOKCfet22096SI1aTwsFaF7wmohpeqd03Rum3JEVpueYEdaZXWg0
gnV7t7wdThavFV6WBoJvnf3gvbVh0k92Pvo92Ns9UQQ01EZdlExEt4IkD9dzXlF5
JgtL2mpG3Nj3wM7Eanph0lfRaxeHo9Yi+iWaz35E6TIsRCmrmcBkGAmM5Kghb6Pr
pGk4VVPBpE0hJg8AdoAEy8/UacNebe6oIbmbI9PmpA58KVAHOam2t90Dj8g8Xp8W
GpBtDSb0KUrbKQSYzznBhCws649b2g==
=DS+C
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list