On 5/17/26 10:51, Lars Noodén via Gnupg-users wrote:
On 5/17/26 17:35, Robert J. Hansen via Gnupg-users wrote:
What should I be looking at to work with an old version of GnuPG
having sufficiently outdated cipher and checksum algorithms to
verify a Usenet message¹ from 1995?
GnuPG 1.4 might be able to. But you'll need Ylönen's ClassicPGP
certificate, I'm afraid, and that might be hard to find.
Thanks. I've installed GnuPG 1.4.23-2 for now.
And it looks like Tatu Ylönen's public key is there at the end of his
message, plus there is the same key ID at pgp.mit.edu even today. But
that public key is not self-signed which presents a problem that I
have tried to address¹ with the --allow-non-selfsigned-uid option.
However, if the above approach was correct, then I'm somehow
approaching the verification incorrectly:
$ gpg1 --list-keys
/home/me/.gnupg/pubring.gpg
-----------------------------
pub 1024R/DCB9AE01 1995-04-24
uid Ssh distribution key <[email protected]>
$ gpg1 --verify message.usenet
gpg: Signature made Wed 12 Jul 1995 05:50:42 PM EEST using RSA key ID
961F4A35
gpg: Can't check signature: public key not found
$ gpg1 -u [email protected] --verify message.usenet
gpg: Signature made Wed 12 Jul 1995 05:50:42 PM EEST using RSA key ID
961F4A35
gpg: Can't check signature: public key not found
Found your problem: the signature is from key 961F4A35 but you only
have key DCB9AE01. "Go fish"---you will need the public key with ID
961F4A35 to verify that signature.
-- Jacob
_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
