On Mon, Jun 27, 2016 at 10:48:54AM -0700, Claus Assmann wrote: > mutt/gpg gives me a "BAD signature" for some recent mails on the > openssl users list, one example message is attached. Can someone > else reproduce the problem (the author says it verifies for him)? > If the signature verifies for you, which mutt / gpg version do you > use? (and any hints what might be broken in my setup?) > > Mutt 1.5.24+24 (4de4b3635140) (2015-08-30) > gpg (GnuPG) 1.4.19
Does it verify when he receives a copy from the list? I saved the signature and text part of the email separately, and also get bad signature with gpg2 via commandline (and no extra info that might explain it). So wondering if the list manager software is just mangling part of the message or something. aura% gpg --version gpg (GnuPG) 2.1.11 libgcrypt 1.6.5 Copyright (C) 2016 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 aura% gpg --verify mc1.txt.asc gpg: assuming signed data in 'mc1.txt' gpg: Signature made Mon Jun 27 01:21:55 2016 PDT using RSA key ID 0E604491 gpg: BAD signature from "Matt Caswell <m...@openssl.org>" [unknown] aura% gpg -kv 0x0E604491 gpg: using PGP trust model pub rsa2048/0E604491 2013-04-30 [SC] uid [ unknown] Matt Caswell <m...@openssl.org> uid [ unknown] Matt Caswell <fr...@baggins.org> sub rsa2048/E3C21B70 2013-04-30 [E] aura% sha256 mc1.txt SHA256 (mc1.txt) = 4801ffad1605f599baba0b93b51048b8569c2459764eebafb4fff38ee5a97080