Digital archeology -- verifying a signed Usenet message from 1995
Jacob Bachmeyer
jcb62281 at gmail.com
Mon May 18 04:30:06 CEST 2026
On 5/17/26 10:51, Lars Noodén via Gnupg-users wrote:
> On 5/17/26 17:35, Robert J. Hansen via Gnupg-users wrote:
>>> What should I be looking at to work with an old version of GnuPG
>>> having sufficiently outdated cipher and checksum algorithms to
>>> verify a Usenet message¹ from 1995?
>>
>> GnuPG 1.4 might be able to. But you'll need Ylönen's ClassicPGP
>> certificate, I'm afraid, and that might be hard to find.
>
> Thanks. I've installed GnuPG 1.4.23-2 for now.
>
> And it looks like Tatu Ylönen's public key is there at the end of his
> message, plus there is the same key ID at pgp.mit.edu even today. But
> that public key is not self-signed which presents a problem that I
> have tried to address¹ with the --allow-non-selfsigned-uid option.
>
> However, if the above approach was correct, then I'm somehow
> approaching the verification incorrectly:
>
> $ gpg1 --list-keys
> /home/me/.gnupg/pubring.gpg
> -----------------------------
> pub 1024R/DCB9AE01 1995-04-24
> uid Ssh distribution key <ylo at cs.hut.fi>
>
> $ gpg1 --verify message.usenet
> gpg: Signature made Wed 12 Jul 1995 05:50:42 PM EEST using RSA key ID
> 961F4A35
> gpg: Can't check signature: public key not found
>
> $ gpg1 -u ylo at cs.hut.fi --verify message.usenet
> gpg: Signature made Wed 12 Jul 1995 05:50:42 PM EEST using RSA key ID
> 961F4A35
> gpg: Can't check signature: public key not found
Found your problem: the signature is from key 961F4A35 but you only
have key DCB9AE01. "Go fish"---you will need the public key with ID
961F4A35 to verify that signature.
-- Jacob
More information about the Gnupg-users
mailing list