[PGP/MIME Signatures] was: Re: Message to "moderator" Koh Choon Lin
NoOp
glgxg at sbcglobal.net
Mon Jun 11 19:08:25 UTC 2012
On 06/07/2012 08:39 AM, Mika Suomalainen wrote:
...
>
> Hi "moderator",
>
> There are two big issues with these mailing lists, could you take a
> look at them?
>
> 1. PGP/MIME signatures cannot be verified, see
> https://bugs.launchpad.net/ubuntu/+bug/996581 .
Unless I've missing something - PGP/MIME signatures can certainly be
verified on this list. Take a look at Oliver's reply to you - I have
Oliver's pgp key in my keyring & his emails definitely appear as
decrypted to me. Yours on the otherhand does not as I've not imported
your pgp key & enigmail (openPGP) then give me the option to import your
public key(s - 19?). However were I to import your key(s) yours would be
the same. So what am I missing? (serious question - not attempting to be
facetious)
Oliver uses PGP/MIME (as do all of the signed emails on the Ubuntu
Security Announce list):
====
--------------enig87C08C9590005E7255B14A56
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
====
Yours on the otherhand does not & is clear-signed:
====
____________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Also note that enigmail 1.2 w/gnupg 14 does not retrieve your public key
automatically either:
> OpenPGP Security Info
>
> Unverified signature
>
> gpg command line and output:
> /usr/bin/gpg2
> gpg: Signature made Fri 08 Jun 2012 08:20:05 AM PDT using RSA key ID 82A46728
> gpg: Can't check signature: No public key
However, if I go and import your key from a public server directly:
gpg: requesting key 82A46728 from hkp server pool.sks-keyservers.net
gpg: key 82A46728: public key "Mika Suomalainen" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
OpenPGP Security Info
UNTRUSTED Good signature from Mika Suomalainen
<mika.henrik.mainio at hotmail.com>
Key ID: 0x82A46728 / Signed on: 06/11/2012 08:51 AM
Key fingerprint: 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728
and from that point on, I no longer have to look at your clear-signed
key in my email msg display :-)
====
$ apt-cache policy gnupg2
gnupg2:
Installed: 2.0.14-2ubuntu1
Candidate: 2.0.14-2ubuntu1
Version table:
*** 2.0.14-2ubuntu1 0
500 http://mirrors.us.kernel.org/ubuntu/ natty/main amd64 Packages
100 /var/lib/dpkg/status
(yes I know 2.0.19 is released - but Ubuntu is only up to 2.0.17)
Enigmail 1.4.2
Nice, simple matrix:
<http://www.phildev.net/pgp/pgp_clear_vs_mime.html>
[GPG Signing: Traditional vs. PGP/Mime]
...
More information about the ubuntu-users
mailing list