1.0.3 fails to verify RSA signature, 1.0.2 is OK

Keith Owens kaos@ocs.com.au
Sat, 30 Sep 2000 23:13:09 +1100


ftp://ftp.wu-ftpd.org/pub/wu-ftpd/
  wu-ftpd-2.6.1.tar.gz. . . . . .   [Jul 1  19:13]    334K
  wu-ftpd-2.6.1.tar.gz.asc. . . .   [Jul 1  19:13]      1K

The signature verifies using gnupg 1.0.2 and load-extension rsaref.
It does not verify using stock gnupg 1.0.3, with or without rsaref.
--emulate-md-encode-bug makes no difference.

1.0.2 + load-extension rsaref
# ./gpg wu-ftpd-2.6.1.tar.gz.asc
gpg: Warning: using insecure memory!
Detached signature.
Please enter name of data file: wu-ftpd-2.6.1.tar.gz
gpg: Signature made Sun Jul  2 15:18:43 2000 EST using RSAREF key ID 62885875
gpg: Good signature from "WU-FTPD Development Group <wuftpd-members@wu-ftpd.org>"
Could not find a valid trust path to the key.  Let's see whether we
can assign some missing owner trust values.

No path leading to one of our keys found.

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
gpg: Fingerprint: B1 9B 35 09 FE 34 98 25  8C CD B8 4F 90 DB 42 82

1.0.3, with or without load-extension rsaref, using the same files and
keyring as 1.0.2.
# gpg wu-ftpd-2.6.1.tar.gz.asc
Detached signature.
Please enter name of data file: wu-ftpd-2.6.1.tar.gz
gpg: Signature made Sun Jul  2 15:18:43 2000 EST using RSA key ID 62885875
gpg: BAD signature from "WU-FTPD Development Group <wuftpd-members@wu-ftpd.org>"

Fingerprint, either version.
# gpg --fingerprint wuftpd
pub  1024R/62885875 1999-05-22 WU-FTPD Development Group <wuftpd-members@wu-ftpd.org>
     Key fingerprint = B1 9B 35 09 FE 34 98 25  8C CD B8 4F 90 DB 42 82

-- 
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org