Re: Mutt and GPG - claims ALL signatures can't be verified
On Sat, Jun 12, 2010 at 09:25:31AM -0400, Rob Owens wrote:
> Hey, I just noticed that there are 2 different keys for you on the public key
> server. Are you sure you're using the right one to verify the
> signatures?

Yes, there are two keys - old one and new one. Unfortunately, old one was created and uploaded when I just played with GPG, I didn't know about revoking that time. At some moment I just lost that key, so now I can't delete it from servers. That one which I use now is "new" or "current" one, and I use only it.

--
Regards,
Alexander Batischev

1024D/69093C81
F870 A381 B5F5 D2A1 1B35 4D63 A1A7 1C77 6909 3C81

signature.asc
Description: Digital signature
Re: Mutt and GPG - claims ALL signatures can't be verified
On Sat, Jun 12, 2010 at 09:22:45AM -0400, Rob Owens wrote:
> (...)
>
> If this problem started when you imported your private key, then maybe
> that was not done correctly. Is there a step that needs to be taken
> besides simply importing? (I don't know the answer to that).

I think that now, when I already solved the problem, I can answer your question. The answer is "no, there is no other steps required; simple key import is enough".

--
Regards,
Alexander Batischev

1024D/69093C81
F870 A381 B5F5 D2A1 1B35 4D63 A1A7 1C77 6909 3C81
Re: Mutt and GPG - claims ALL signatures can't be verified
On Sat, 12 Jun 2010 01:52:54 +0300, Alexander Batischev wrote:

> On Fri, Jun 11, 2010 at 09:39:58PM +, Camaleón wrote:

(...)

>> Well, what we are testing here (by using another e-mail client) is GPG
>> and your keyring configuration, so you better try with a GUI e-mail
>> client that uses the system-wide GPG and keyring setup (if you are in
>> GNOME, try Evolution; if using KDE try with KMail).
>>
>> Thunderbird has its own plugin to manage PGP keys (via Enigmail), I
>> guess.
>
> Okay, I installed Icedove and Enigmail, then sent signed message to
> myself. Icedove says that sign is well, mutt still claims that sign can
> not be verified (but it shows two lines which I mentioned before,
> between headers and body).
>
> So problem is in mutt's configuration, right?

Mmm, maybe.

You can launch Mutt in debug mode (mutt -d 3), so it logs any message to "~/.muttdebug0".

Greetings,

--
Camaleón

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/pan.2010.06.12.16.11...@gmail.com
Re: Mutt and GPG - claims ALL signatures can't be verified
On Fri, Jun 11, 2010 at 08:48:09PM +0300, Alexander Batischev wrote:
> I'm using mutt for about a month already. Almost all problems already solved, I
> successfully moved to IMAP. It's time to get GPG signing to work.
>
> As you probably noticed, all my messages are signed. But when I open any--even
> my own!--message, mutt tells me that PGP signature can NOT be verified. Which
> is more interesting, I did not have that problem before I imported my secure
> key (it was stored on desktop; now I'm mostly use netbook). I mean, I had PGP
> set but I didn't have secure key so I did not sign my messages, just verify
> other's.
>

Hey, I just noticed that there are 2 different keys for you on the public key server. Are you sure you're using the right one to verify the signatures?

-Rob
Re: Mutt and GPG - claims ALL signatures can't be verified
On Fri, Jun 11, 2010 at 08:48:09PM +0300, Alexander Batischev wrote:
> I'm using mutt for about a month already. Almost all problems already solved, I
> successfully moved to IMAP. It's time to get GPG signing to work.
>
> As you probably noticed, all my messages are signed. But when I open any--even
> my own!--message, mutt tells me that PGP signature can NOT be verified. Which
> is more interesting, I did not have that problem before I imported my secure
> key (it was stored on desktop; now I'm mostly use netbook). I mean, I had PGP
> set but I didn't have secure key so I did not sign my messages, just verify
> other's.
>
> I did some little research on the web. It seems that problem is pretty popular,
> and most common answer is to set pgp_good_sign in muttrc. As far as I copied my
> GPG config from Mutt GnuPG HowTo[1], I already had that option set. I also
> tried to set it to the following:
>
> set pgp_good_sign="`gettext -d gnupg -s 'Good signature from "' | tr -d '"'`"
>
> which, as I could understand, is just a trick to add sender's name to GPG's
> verification message, but it didn't solve my problem. I also tried to not set
> this option, with no luck. Does anyone have any advice?
>
> My .muttrc attached.
>
>
> 1. http://codesorcery.net/old/mutt/mutt-gnupg-howto
>

I'm using Mutt and GPG, and it's working fine. I'm pretty sure all my system config files for Mutt and GPG are untouched. Here are the relevant GPG lines from my .muttrc. Don't ask me to explain them, they are copy-and-pasted from some website somewhere (by the way, I remember having a lot of trouble finding a website that had accurate information on how to do this).

    # GPG / PGP rules
    set pgp_encrypt_only_command="/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt-to 70952D9D --encrypt --textmode --armor --always-trust -- -r %r -- %f"
    set pgp_encrypt_sign_command="/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt-to 70952D9D --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
    # no encryption or signature by default:
    send-hook . 'set pgp_autosign=no; set pgp_autoencrypt=no'
    # always encrypt and sign to some recipients:
    send-hook '~t "(u...@domain.com|us...@domain.com|otheru...@domain.net)"' 'set pgp_autosign=yes; set pgp_autoencrypt=yes'

For GUIs, I like seahorse and thunderbird's enigmail GUI (even if you're not using thunderbird/icedove for email, the GPG GUI is helpful).

If this problem started when you imported your private key, then maybe that was not done correctly. Is there a step that needs to be taken besides simply importing? (I don't know the answer to that).

Maybe you should take this outside of Mutt and see what happens. Can you sign a file and then verify its signature? You might at least get more helpful error messages this way.

-Rob
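Following the suggestion above to test GPG outside Mutt: an added example, not part of any message in this thread, that reads gpg's machine-readable `--status-fd` lines and reports the signature check separately from the trust placed in the key, which is the distinction behind the "Good signature" plus "not certified with a trusted signature" output quoted in the thread. The sample status lines, key ID and user ID are constructed placeholders; `classify` and `verify_file` are names chosen for this example.

```python
import subprocess

PREFIX = "[GNUPG:] "
SIG_STATES = {"GOODSIG": "good", "BADSIG": "bad", "EXPSIG": "expired-sig",
              "EXPKEYSIG": "expired-key", "REVKEYSIG": "revoked-key",
              "ERRSIG": "unchecked"}

# Constructed status output (key ID and user ID are placeholders).
SAMPLE_UNTRUSTED = """\
gpg: Good signature from "Example User <user@example.org>"
[GNUPG:] GOODSIG 0123456789ABCDEF Example User <user@example.org>
[GNUPG:] TRUST_UNDEFINED
"""
SAMPLE_ULTIMATE = """\
[GNUPG:] GOODSIG 0123456789ABCDEF Example User <user@example.org>
[GNUPG:] TRUST_ULTIMATE
"""
SAMPLE_BAD = "[GNUPG:] BADSIG 0123456789ABCDEF Example User <user@example.org>\n"


def classify(status_text):
    """Return (signature_state, key_trust, key_id) from --status-fd output."""
    sig, trust, key_id = "none", "unknown", None
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue  # skip human-readable, locale-dependent lines
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in SIG_STATES:
            sig = SIG_STATES[keyword]
            key_id = args[0] if args else None
        elif keyword.startswith("TRUST_"):
            # TRUST_UNDEFINED, TRUST_NEVER, TRUST_MARGINAL, TRUST_FULLY, TRUST_ULTIMATE
            trust = keyword[len("TRUST_"):].lower()
    return sig, trust, key_id


def verify_file(sig_path, data_path):
    """Run gpg on a detached signature and classify its status lines."""
    proc = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", sig_path, data_path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True)
    return classify(proc.stdout)


if __name__ == "__main__":
    for name, sample in [("untrusted", SAMPLE_UNTRUSTED),
                         ("ultimate", SAMPLE_ULTIMATE), ("bad", SAMPLE_BAD)]:
        print(name, classify(sample))
```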
Re: Mutt and GPG - claims ALL signatures can't be verified
On Fri, Jun 11, 2010 at 09:39:58PM +, Camaleón wrote:
> > Better than before, but mutt still claims "signature can NOT be
> > verified"…
>
> Still? From where are you getting that "not verified" message? From
> Mutt's pager?

Yes, mutt's pager. Message appears at the very bottom of the screen.

> Also, the message should be automatically marked with "S" (uppercase "s")
> when the signature has been successfully verified. Are you seeing that
> "S" in your message?

No, it's "s" for all signed messages.

> >> Also, test it with another e-mail client (thunderbird, kmail,
> >> evolution...) so you can compare the results.
> >
> > One thing why I don't like GUI apps as much as CLI: something might work
> > or might not, and in both cases you hardly find out why. Are there
> > another mail client as flexible in setup as mutt, so if I see GPG
> > working in there I could look how it is configured?
>
> Well, what we are testing here (by using another e-mail client) is GPG
> and your keyring configuration, so you better try with a GUI e-mail
> client that uses the system-wide GPG and keyring setup (if you are in
> GNOME, try Evolution; if using KDE try with KMail).
>
> Thunderbird has its own plugin to manage PGP keys (via Enigmail), I guess.

Okay, I installed Icedove and Enigmail, then sent signed message to myself. Icedove says that sign is well, mutt still claims that sign can not be verified (but it shows two lines which I mentioned before, between headers and body).

So problem is in mutt's configuration, right?

--
Regards,
Alexander Batischev

1024D/69093C81
F870 A381 B5F5 D2A1 1B35 4D63 A1A7 1C77 6909 3C81
Re: Mutt and GPG - claims ALL signatures can't be verified
On Sat, 12 Jun 2010 00:09:30 +0300, Alexander Batischev wrote:

> On Fri, Jun 11, 2010 at 06:59:23PM +, Camaleón wrote:

>> Then maybe is that you have to "explicitly" import the key and trust
>> that key. Did you already do that? :-?
>
> Well, okay, I set trust for my key to 5 (absolute) and for Boyd's to 4.
> Now when I open my message, I see the following:
>
> [-- PGP output follows (current time: Fri Jun 11 23:59:09 2010) --]
> gpg: Signature made Fri Jun 11 21:37:57 2010 EEST using DSA key ID 69093C81
> gpg: Good signature from "Alexander Batischev "
> [-- End of PGP output --]

That message looks right.

> Better than before, but mutt still claims "signature can NOT be
> verified"…

Still? From where are you getting that "not verified" message? From Mutt's pager?

Also, the message should be automatically marked with "S" (uppercase "s") when the signature has been successfully verified. Are you seeing that "S" in your message?

>> Also, test it with another e-mail client (thunderbird, kmail,
>> evolution...) so you can compare the results.
>
> One thing why I don't like GUI apps as much as CLI: something might work
> or might not, and in both cases you hardly find out why. Are there
> another mail client as flexible in setup as mutt, so if I see GPG
> working in there I could look how it is configured?

Well, what we are testing here (by using another e-mail client) is GPG and your keyring configuration, so you better try with a GUI e-mail client that uses the system-wide GPG and keyring setup (if you are in GNOME, try Evolution; if using KDE try with KMail).

Thunderbird has its own plugin to manage PGP keys (via Enigmail), I guess.

Greetings,

--
Camaleón
Re: Mutt and GPG - claims ALL signatures can't be verified
Done a little more research: I used lsign (local sign) command and signed Andrei Popescu's key. Then I set full trust for it. After that, mutt showed me message like that one showed in previous post: just two lines saying sign is correct. But mutt still says that sign can not be verified!

I definitely missed something about GPG signing/web of trust/etc...

--
Regards,
Alexander Batischev

1024D/69093C81
F870 A381 B5F5 D2A1 1B35 4D63 A1A7 1C77 6909 3C81
Re: Mutt and GPG - claims ALL signatures can't be verified
On Fri, Jun 11, 2010 at 06:59:23PM +, Camaleón wrote:
> On Fri, 11 Jun 2010 21:37:57 +0300, Alexander Batischev wrote:
>
> > On Fri, Jun 11, 2010 at 06:21:14PM +, Camaleón wrote:
>
> >> In order to verify a signed message, either you have to previously
> >> import the key into your keyring or you need to setup Mutt to retrieve
> >> the key from public servers.
> >
> > I have all the keys retrieved (previously, I run gpg --recv-keys keyID
> > every time I face with new key; now I just set "keyserver-options
> > auto-key-retrieve" in ~/.gnupg/gpg.conf, so all new keys are retrieved
> > automatically). And it still doesn't explain why my own signature can't
> > be verified, too.
>
> Then maybe is that you have to "explicitly" import the key and trust
> that key. Did you already do that? :-?

Well, okay, I set trust for my key to 5 (absolute) and for Boyd's to 4. Now when I open my message, I see the following:

[-- PGP output follows (current time: Fri Jun 11 23:59:09 2010) --]
gpg: Signature made Fri Jun 11 21:37:57 2010 EEST using DSA key ID 69093C81
gpg: Good signature from "Alexander Batischev "
[-- End of PGP output --]

Better than before, but mutt still claims "signature can NOT be verified"…

> Also, test it with another e-mail client (thunderbird, kmail,
> evolution...) so you can compare the results.

One thing why I don't like GUI apps as much as CLI: something might work or might not, and in both cases you hardly find out why. Are there another mail client as flexible in setup as mutt, so if I see GPG working in there I could look how it is configured?

--
Regards,
Alexander Batischev

1024D/69093C81
F870 A381 B5F5 D2A1 1B35 4D63 A1A7 1C77 6909 3C81
Re: Mutt and GPG - claims ALL signatures can't be verified
On Fri, 11 Jun 2010 21:37:57 +0300, Alexander Batischev wrote:

> On Fri, Jun 11, 2010 at 06:21:14PM +, Camaleón wrote:

>> In order to verify a signed message, either you have to previously
>> import the key into your keyring or you need to setup Mutt to retrieve
>> the key from public servers.
>
> I have all the keys retrieved (previously, I run gpg --recv-keys keyID
> every time I face with new key; now I just set "keyserver-options
> auto-key-retrieve" in ~/.gnupg/gpg.conf, so all new keys are retrieved
> automatically). And it still doesn't explain why my own signature can't
> be verified, too.

Then maybe is that you have to "explicitly" import the key and trust that key. Did you already do that? :-?

> When I open my own message, I have this on the top, right between
> headers and body:
>
> [-- PGP output follows (current time: Fri Jun 11 21:26:24 2010) --]
> gpg: Signature made Fri Jun 11 20:48:09 2010 EEST using DSA key ID 69093C81
> gpg: Good signature from "Alexander Batischev "
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> Primary key fingerprint: F870 A381 B5F5 D2A1 1B35 4D63 A1A7 1C77 6909 3C81
> [-- End of PGP output --]
>
> I'm little worried about "not certified with a trusted signature" - it's
> my own signature, it should be trusted, innit?

Yes, I also see that warning in Mutt for signed e-mails coming for users that I have not added nor marked as "trusted" into my keyring.

Also, test it with another e-mail client (thunderbird, kmail, evolution...) so you can compare the results.

Greetings,

--
Camaleón
Re: Mutt and GPG - claims ALL signatures can't be verified
On Fri, Jun 11, 2010 at 06:21:14PM +, Camaleón wrote:
> On Fri, 11 Jun 2010 21:03:22 +0300, Alexander Batischev wrote:
>
> > Some thoughts which just came to my head: can it be because of lack of
> > trusted keys? I did not set anyone's key as trusted, so I don't have web
> > of trust. This still don't explain (in my opinion, at least) why my own
> > signature can't be verified.
>
> Exactly (a very good explanation about that, here):
>
> http://wiki.mutt.org/?MuttGuide/UseGPG

Yeah, I've read it before, but still can't understand...

> In order to verify a signed message, either you have to previously import
> the key into your keyring or you need to setup Mutt to retrieve the key
> from public servers.

I have all the keys retrieved (previously, I run gpg --recv-keys keyID every time I face with new key; now I just set "keyserver-options auto-key-retrieve" in ~/.gnupg/gpg.conf, so all new keys are retrieved automatically). And it still doesn't explain why my own signature can't be verified, too.

When I open my own message, I have this on the top, right between headers and body:

[-- PGP output follows (current time: Fri Jun 11 21:26:24 2010) --]
gpg: Signature made Fri Jun 11 20:48:09 2010 EEST using DSA key ID 69093C81
gpg: Good signature from "Alexander Batischev "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: F870 A381 B5F5 D2A1 1B35 4D63 A1A7 1C77 6909 3C81
[-- End of PGP output --]

I'm little worried about "not certified with a trusted signature" - it's my own signature, it should be trusted, innit?

--
Regards,
Alexander Batischev

1024D/69093C81
F870 A381 B5F5 D2A1 1B35 4D63 A1A7 1C77 6909 3C81
Re: Mutt and GPG - claims ALL signatures can't be verified
On Fri, 11 Jun 2010 21:03:22 +0300, Alexander Batischev wrote:

> Some thoughts which just came to my head: can it be because of lack of
> trusted keys? I did not set anyone's key as trusted, so I don't have web
> of trust. This still don't explain (in my opinion, at least) why my own
> signature can't be verified.

Exactly (a very good explanation about that, here):

http://wiki.mutt.org/?MuttGuide/UseGPG

In order to verify a signed message, either you have to previously import the key into your keyring or you need to setup Mutt to retrieve the key from public servers.

Greetings,

--
Camaleón
Re: Mutt and GPG - claims ALL signatures can't be verified
Some thoughts which just came to my head: can it be because of lack of trusted keys? I did not set anyone's key as trusted, so I don't have web of trust. This still don't explain (in my opinion, at least) why my own signature can't be verified.

--
Regards,
Alexander Batischev

1024D/69093C81
F870 A381 B5F5 D2A1 1B35 4D63 A1A7 1C77 6909 3C81