[PGP/MIME Signatures] was: Re: Message to "moderator" Koh Choon Lin

NoOp glgxg at sbcglobal.net
Mon Jun 11 19:08:25 UTC 2012


On 06/07/2012 08:39 AM, Mika Suomalainen wrote:
...
> 
> Hi "moderator",
> 
> There are two big issues with these mailing lists, could you take a
> look at them?
> 
> 1. PGP/MIME signatures cannot be verified, see
> https://bugs.launchpad.net/ubuntu/+bug/996581 .

Unless I'm missing something - PGP/MIME signatures can certainly be
verified on this list. Take a look at Oliver's reply to you - I have
Oliver's pgp key in my keyring & his emails definitely appear as
decrypted to me. Yours on the other hand does not as I've not imported
your pgp key & enigmail (openPGP) then gives me the option to import your
public key(s - 19?). However were I to import your key(s) yours would be
the same. So what am I missing? (serious question - not attempting to be
facetious)

Oliver uses PGP/MIME (as do all of the signed emails on the Ubuntu
Security Announce list):
====
--------------enig87C08C9590005E7255B14A56
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
====

Yours on the other hand does not & is clear-signed:
====
____________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

Also note that enigmail 1.2 w/gnupg 14 does not retrieve your public key
automatically either:

> OpenPGP Security Info
> 
> Unverified signature
> 
> gpg command line and output:
> /usr/bin/gpg2
> gpg: Signature made Fri 08 Jun 2012 08:20:05 AM PDT using RSA key ID 82A46728
> gpg: Can't check signature: No public key

However, if I go and import your key from a public server directly:
gpg: requesting key 82A46728 from hkp server pool.sks-keyservers.net
gpg: key 82A46728: public key "Mika Suomalainen" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

OpenPGP Security Info

UNTRUSTED Good signature from Mika Suomalainen
<mika.henrik.mainio at hotmail.com>
Key ID: 0x82A46728 / Signed on: 06/11/2012 08:51 AM
Key fingerprint: 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728

and from that point on, I no longer have to look at your clear-signed
key in my email msg display :-)

====

$ apt-cache policy gnupg2
gnupg2:
  Installed: 2.0.14-2ubuntu1
  Candidate: 2.0.14-2ubuntu1
  Version table:
 *** 2.0.14-2ubuntu1 0
        500 http://mirrors.us.kernel.org/ubuntu/ natty/main amd64 Packages
        100 /var/lib/dpkg/status

(yes I know 2.0.19 is released - but Ubuntu is only up to 2.0.17)

Enigmail 1.4.2

Nice, simple matrix:
<http://www.phildev.net/pgp/pgp_clear_vs_mime.html>
[GPG Signing: Traditional vs. PGP/Mime]
...
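
The two layouts contrasted in the message above (a PGP/MIME `application/pgp-signature` part versus an inline clear-signed block in the body) can be told apart from the message structure alone. The following is an added example, not part of the original post: the function name `classify` and all sample messages are constructed for illustration, and it classifies structure only; it does not verify any signature.

```python
# Added example (not from the original post): classify how a message is
# OpenPGP-signed from its structure. All sample messages are constructed.
import re
from email import message_from_string

# Inline clear-signed framing (RFC 4880); anchored to line starts so that a
# "> "-quoted copy of someone else's signed text does not count.
CLEARSIGNED = re.compile(
    r"^-----BEGIN PGP SIGNED MESSAGE-----\r?\n.*?"
    r"^-----BEGIN PGP SIGNATURE-----\r?\n.*?^-----END PGP SIGNATURE-----",
    re.S | re.M)

def classify(raw):
    """Return 'pgp-mime', 'inline-clearsigned' or 'unsigned'."""
    msg = message_from_string(raw)
    for part in msg.walk():  # walk() also finds a signed part nested deeper
        kids = part.get_payload()
        if (part.get_content_type() == "multipart/signed"
                and str(part.get_param("protocol") or "").lower() == "application/pgp-signature"
                and isinstance(kids, list) and len(kids) == 2
                and kids[1].get_content_type() == "application/pgp-signature"):
            return "pgp-mime"  # RFC 3156 layout: signed body + detached signature
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            if CLEARSIGNED.search(data.decode("utf-8", "replace")):
                return "inline-clearsigned"
    return "unsigned"

# Constructed samples; SIG is a placeholder, not a real signature.
SIG = "-----BEGIN PGP SIGNATURE-----\n\n(placeholder)\n-----END PGP SIGNATURE-----\n"
PGP_MIME = (
    'Content-Type: multipart/signed; micalg=pgp-sha1;\n'
    ' protocol="application/pgp-signature"; boundary="b1"\n\n'
    '--b1\nContent-Type: text/plain\n\nhello\n'
    '--b1\nContent-Type: application/pgp-signature; name="signature.asc"\n\n'
    + SIG + '--b1--\n')
INLINE = ("Content-Type: text/plain\n\n-----BEGIN PGP SIGNED MESSAGE-----\n"
          "Hash: SHA1\n\nhello\n" + SIG)
QUOTED = "Content-Type: text/plain\n\n" + "".join(
    "> " + line for line in INLINE.split("\n\n", 1)[1].splitlines(True))

if __name__ == "__main__":
    for name, raw in [("PGP/MIME", PGP_MIME), ("inline", INLINE), ("quoted", QUOTED)]:
        print(name, "->", classify(raw))
```
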




