On 02/22/2018 11:03 PM, Henry wrote:
> 2018-02-21 20:56 GMT+09:00 Kristian Fiskerstrand
> <kristian.fiskerstr...@sumptuouscapital.com>:
>> On 02/21/2018 11:53 AM, Peter Lebbing wrote:
>> Touché :) Indeed, didn't notice it was an old file/signature , then
>> gnupg 1.4 is the recommended official suggestion presuming established
>> validity of key material etc etc.
> gpg (GnuPG) 1.4.22 does give more information, but no success; see
> below.  May I assume that nothing
> can be done other than to request the author to remedy the situation?
> Thanks all.

Signatures made with known-weak digest algorithms are normally
allows the verification of signatures made with such weak algorithms.
MD5 is the only digest algorithm considered weak by default.

> Henry
> result of using gnupg 1.4:
> % gpg1 --import D5327CB9.key
> gpg: key D5327CB9: "author <aut...@xxx.org>" not changed
> gpg: Note: signatures using the MD5 algorithm are rejected
> gpg: key D5327CB9: no valid user IDs
> gpg: this may be caused by a missing self-signature
> gpg: Total number processed: 2
> gpg:           w/o user IDs: 1
> gpg:              unchanged: 1
> % gpg1 --verify ***6.4.tar.gz.sig ***6.4.tar.gz
> gpg: Signature made Tue May  4 23:03:11 2004 JST using RSA key ID D5327CB9
> gpg: Can't check signature: public key not found

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"The laws of Australia prevail in Australia, I can assure you of that.
The laws of mathematics are very commendable, but the only laws that
applies in Australia is the law of Australia."
(Malcolm Turnbull, Prime Minister of Australia).

Attachment: signature.asc
Description: OpenPGP digital signature

Gnupg-users mailing list

Reply via email to