On Tue, Mar 19, 2002 at 11:09:23PM +0100, [EMAIL PROTECTED] wrote: > On Tue, Mar 19, 2002 at 09:41:06PM +0000, Dave Smith wrote: > > Maybe I'm being stupid here, but it appears that mutt and GPG are > > behaving correctly. How can it verify the signature on the message > > if it wasn't signed? > Or maybe I'm stupid ;) Why write anything about signature if it wasn't > signed?
Because it wants to. Because it feels lonely and wants someone to talk to. :-) > > signed), there is no signature to verify, which is why you get > > "PGP signature could NOT be verified." > So this message means: > "You can't be sure who sent this mail because there were no signature > to check" > and not: > "The signature is BAD, so somebody is cheating" Replace "not" with "not necessarily". The message means "GPG didn't tell me that it managed to validate a correct signature". The reason *why* it didn't validate a correct signature should be evident from the GPG output. The output of GPG will give you a clue if someone is cheating - I'm not sure of the exact output, but I'm sure it would shout loudly. I have signed this message with a bogus key, so you can see what happens. My real key is available on www.keyserver.net. -- David Smith Work Email: [EMAIL PROTECTED] STMicroelectronics Home Email: [EMAIL PROTECTED] Bristol, England
msg25738/pgp00000.pgp
Description: PGP signature