preferring --check-sigs over --list-sigs [was: Re: Houston, we have a problem]
Stefan Claas
stefan.claas at posteo.de
Thu Sep 28 13:59:59 CEST 2017
Am 28.09.2017 um 13:30 schrieb Andrew Gallagher:
> On 2017/09/28 10:57, Stefan Claas wrote:
>> Now i have a problem lol... with my new pub key and --check-sigs.
>>
>> My new pub key 3BB27531899F06EA4582B2E9D68B6EAC6ECF3AB6 was signed
>> by Governikus 864E8B951ECFC04AF2BB233E5E5CCCB4A4BF43D7 and when doing
>> a --check-sigs i get an error...under Windows 7 and gpg4win GnuPG 2.2.1,
>> which i just
>> downloaded... Therfore i checked other users, which have a Governikus
>> sig3 and
>> the error persists. Any ideas gentlemen?
> What specific error are you getting? I don't see any errors using
> --check-sigs on that key, but then I don't trust Governikus so I'm not
> performing the same test that you are.
Well, i installed today at work gpg4win (GnuPG 2.2.1) and it tells me when
downloading my pub key 1 bad signature in German. when doing a --check-sigs
it tells me in German:
gpg: 5 korrekte Signaturen
gpg: 1 falsche Beglaubigung
the good signatures are shown with gpg in cmd.exe as sig!3 and the bad
signature is
shown as sig-3. Same applies when i do gpg --recv-keys/--check-sigs from
other keys
signed by Governikus.
>
> BTW, your usage of key IDs to contain arbitrary text produces some weird
> results:
>
>
When long time ago Facebook's pub key received it's vanity sigs i was
upset and decided
to no longer support traditional key servers and added this text to my key.
Regards
Stefan
More information about the Gnupg-users
mailing list