On Sun, Sep 28, 2003, Moshe Kaminsky wrote about "verifying mail signatures from the
command line":
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
Strange, it appears that the mail you sent was *not* signed using a seperate
attachment, but rather in a non-MIME way, so a simple "gpg --verify" should
be used to verify it. In fact this is what I had to run ("|gpg --verify")
to verify your message in mutt because mutt doesn't understand this format
(or at least my setup, which I copied from the standard mutt documentation:
/usr/share/doc/mutt-1.4.1/gpg.rc
)
By the way, you might want to send your public key (gpg --send-keys C28C05E3)
to some key server, otherwise nobody will have a copy of your public key.
It would be even better if you got other people to sign your key, and join
the "web of trust".
> My mail client (mutt) signs mail messages with several parts by putting
> the pgp signature as a separate attachment. The mail client itself has
> no problem verifying the signature of such an email. However, when I try
> to verify the signature from the command line, I get only "BAD
> signature..." replies. I guess the reason is that I don't know what is
> the precise text that gets signed, but I tried all reasonable
> combinations of attachments, and it fails with all of them. How can I
> verify the signature of such an email from the command line?
Sorry, I don't know. (why did I reply, then? :( Sorry for not being more
helpful)
--
Nadav Har'El | Monday, Sep 29 2003, 3 Tishri 5764
[EMAIL PROTECTED] |-----------------------------------------
Phone: +972-53-790466, ICQ 13349191 |If you lost your left arm, your right arm
http://nadav.harel.org.il |would be left.
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
