Problems verifying signature with autoimported keys
David Shaw
dshaw at jabberwocky.com
Wed Feb 5 14:47:02 CET 2003
On Wed, Feb 05, 2003 at 01:51:04PM +0100, Holger Sesterhenn wrote:
> Hi,
>
> >>[GNUPG:] SIG_ID skATzmEpRldO4qfomtEO27ZoSTg 2003-02-04 1044382098
> >>[GNUPG:] GOODSIG 2222222222222000 userB <userB at internet>
> >>gpg: Good signature from "userB <userB at internet>"
> >>gpg: aka "alias userB <userB at somewhere>"
> >>[GNUPG:] VALIDSIG 2222222222222222222000000 2003-02-04 1044382098 0
> >>[GNUPG:] TRUST_FULLY
> >>[GNUPG:] DECRYPTION_OKAY
> >>gpg: WARNING: message was not integrity protected
> >
> >
> >This is a good signature. Is the message that is concerning you the
> >"message was not integrity protected" warning? That is not part of
> >the signature.
>
> Ups?! I have other messages which are signed (cleartext, opaque,
> enc+signed) and all of them show a "[GNUPG:] GOODMDC" instead of this
> message. What might be the difference?
>
> The signature itself is correct, I know but there must be something wrong
> with the trust, right? Doesn't mean "integrity protected" that the
> signature should be correct?

No, the integrity protection (MDC) is unrelated to the trust or the
signature. It is a fairly new feature in OpenPGP that protects
against certain kinds of message tampering. Rather like a signature,
but it works for unsigned messages as well. The warning just means
that the message didn't have an MDC. You can disable the warnings with
"no-mdc-warning" if you don't want to see them.

David
--
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
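
The point made in the reply, as an added example that is not part of the original message and is not GnuPG code: a small parser for `--status-fd` lines that reports signature, trust and integrity protection (MDC) as three separate results. The function name `parse_status` and the result labels are assumptions chosen for illustration; the sample input is the output quoted in this thread.

```python
# Added example (not GnuPG code): read gpg --status-fd output and report
# signature, owner trust and integrity protection (MDC) as separate results.

# Lines copied from the output quoted in this thread.
SAMPLE_STATUS = """\
[GNUPG:] SIG_ID skATzmEpRldO4qfomtEO27ZoSTg 2003-02-04 1044382098
[GNUPG:] GOODSIG 2222222222222000 userB <userB at internet>
gpg: Good signature from "userB <userB at internet>"
[GNUPG:] VALIDSIG 2222222222222222222000000 2003-02-04 1044382098 0
[GNUPG:] TRUST_FULLY
[GNUPG:] DECRYPTION_OKAY
gpg: WARNING: message was not integrity protected
"""

def parse_status(text):
    """Return independent verdicts for signature, trust and integrity."""
    sig, trust, decrypted, mdc = "none", None, False, None
    for line in text.splitlines():
        fields = line.split()
        # Only "[GNUPG:] KEYWORD ..." lines are machine-readable status.
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword = fields[1]
        if keyword in ("BADSIG", "ERRSIG"):
            sig = "bad"                      # a failure is never overwritten
        elif keyword == "GOODSIG" and sig != "bad":
            sig = "good"
        elif keyword.startswith("TRUST_"):
            trust = keyword[len("TRUST_"):]
        elif keyword == "DECRYPTION_OKAY":
            decrypted = True
        elif keyword == "BADMDC":
            mdc = "failed"
        elif keyword == "GOODMDC" and mdc != "failed":
            mdc = "protected"
    if mdc is None:
        # No MDC status: either nothing was decrypted, or the encrypted
        # message carried no MDC (the case that triggers the warning).
        mdc = "unprotected" if decrypted else "n/a"
    return {"signature": sig, "trust": trust, "integrity": mdc}

if __name__ == "__main__":
    print(parse_status(SAMPLE_STATUS))
```

On the quoted output this reports a good, fully trusted signature together with an unprotected ciphertext, which is the combination discussed above.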