modern GnuPG verify signatures
stefan.claas at posteo.de
Thu Jun 15 22:47:00 CEST 2017
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 15 Jun 2017 23:29:41 +0300
Teemu Likonen <tlikonen at iki.fi> wrote:
> Stefan Claas [2017-06-15 18:59:41+02] wrote:
> > I clearsign a text file and verify it and modern GnuPG shows me this:
> > gpg --verify my_message.txt
> > gpg: Signature made Do 15 Jun 18:31:05 2017 CEST
> > gpg: using RSA key 2BAF85F9281ABD543823C7C5981EB7C382EC52B4
> > gpg: Good signature from "Stefan Claas <stefan.claas at posteo.de>" [ultimate]
> > A friend just recently posted a message in a Usenet Group and i get this:
> > gpg --verify m123.eml
> > gpg: Signature made Xx 00 Jun 00:00:00 2017 CEST
> > gpg: using RSA key 0000000000000000
> > gpg: Good signature from "xxxxxx xxxxxxxxx <xxxxxxx at example.com>" [full]
> > gpg: xxxxxx at example.com: Verified 4 signatures in the past 7 days.
> > Encrypted 0 messages.
> Perhaps it can be seen as bug that there is the full fingerprint in some
> places and long key id in other places.
> I'm guessing that there are different code paths internally: In the
> first example the trust level is calculated from web of trust (own key,
> ultimate trust). In the second example there's also tofu trust model
> involved because it shows statistics for verifying and encryption.
> But those who know the code can answer.
Thanks for your reply!
Well, then let's wait and see what other people say, who know the code.
Maybe members can confirm the same behaviour under Windows and Linux.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users